slack-realtime-events

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill defines multiple ingestion points for untrusted data from Slack, creating a significant surface for indirect prompt injection.
      • Ingestion points: event.Text in handleMessageEvent and handleAppMention, command.Text in handleSlashCommand, and modal state values in handleModalSubmission.
      • Boundary markers: There are no boundary markers or delimiters used to separate user-provided data from system instructions.
      • Capability inventory: The skill performs side effects such as api.PostMessage and contains logic for high-impact actions like /deploy (simulated), which could be exploited if an attacker can influence the command string.
      • Sanitization: No sanitization, escaping, or schema validation is implemented for the incoming text content from Slack.
  • Credential Safety (LOW): The skill correctly demonstrates the use of environment variables (SLACK_BOT_TOKEN and SLACK_APP_TOKEN) instead of hardcoding secrets. However, users should be aware that these tokens grant significant privileges within a Slack workspace.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 10:19 AM