slack-web-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill contains legitimate code snippets for the Slack Go SDK. No evidence of credential theft, obfuscation, or unauthorized command execution was found.
- [Indirect Prompt Injection] (LOW): The skill facilitates the ingestion of external data from Slack, which is a potential injection surface.
- Ingestion points: Slack API methods such as
GetUserInfo,GetConversations, and messaging outputs. - Boundary markers: None explicitly used in the code snippets, but the documentation warns against common pitfalls.
- Capability inventory: Slack messaging (
PostMessage), channel management (CreateConversation), and file uploads (UploadFile). - Sanitization: The 'Common Pitfalls' section proactively advises escaping user input in messages to prevent injection.
Audit Metadata