slack-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines purely declarative workflows and templates for Slack automation. No malicious code, persistence mechanisms, or obfuscation were detected.
- [PROMPT_INJECTION]: The skill possesses a risk surface for indirect prompt injection. 1. Ingestion points: Data enters the agent context via Slack DMs (collect_responses), form submissions (Expense Approval), and external webhooks from HubSpot and GitHub (Cross-Platform Sync). 2. Boundary markers: The skill does not define explicit delimiters or instructions for the agent to ignore embedded commands within user-provided content. 3. Capability inventory: The skill utilizes slack_post_message, slack_create_channel, and slack_workflow_trigger tools. 4. Sanitization: No sanitization or validation logic is present to filter external content before it is interpolated into Slack messages or workflow triggers.
Audit Metadata