slack-bot-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process user-provided specifications for 'slack bot creator' tasks and has access to high-privilege tools.
- Ingestion points: Processes user requests and potentially external data regarding bot patterns and workflow automation (SKILL.md).
- Boundary markers: None detected. There are no instructions to ignore embedded commands or treat input as data only.
- Capability inventory: The skill is granted Bash, Write, Edit, and Read permissions (SKILL.md frontmatter).
- Sanitization: No sanitization or validation logic is defined to prevent instructions within the input from being treated as commands by the agent.
- [Command Execution] (HIGH): The skill explicitly requests the Bash tool. In the absence of strict input controls, this allows for arbitrary command execution on the host system if the agent is manipulated by an injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata