slack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill accesses sensitive information including user email addresses (users:read.email scope) and message history. It performs network requests to slack.com, which is not on the predefined whitelist of trusted domains.
- Indirect Prompt Injection (LOW): The skill possesses an indirect injection surface.
  - Ingestion points: Slack messages, search results, and file content (SKILL.md).
  - Boundary markers: No explicit markers or instructions to ignore embedded commands are present.
  - Capability inventory: Sending messages, creating channels, uploading files, and performing arbitrary Slack API actions via the slack-api helper (references/api.md).
  - Sanitization: No sanitization or escaping mechanisms are described for handling untrusted Slack data.