slack
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design.
- Ingestion points: The skill reads external data from Slack channels via the
readMessagesandreactionsactions defined inSKILL.md. - Boundary markers: The documentation does not specify the use of delimiters or instructions for the agent to ignore commands within the ingested text.
- Capability inventory: The skill possesses capabilities to
sendMessage,editMessage,deleteMessage, andpinMessage(SKILL.md), which represent potential targets for exploitation via injected instructions. - Sanitization: No content sanitization or validation mechanisms are described for the data retrieved from Slack.
Audit Metadata