slack
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of slack-cli from an unverified GitHub repository (lox/slack-cli) via Homebrew or Go. This source is not included in the trusted organizations or repositories list, presenting a potential supply chain risk.
- Indirect Prompt Injection (LOW): The skill processes untrusted message content from Slack, which could be used to influence agent behavior.
  - Ingestion points: The tools slack-cli view, slack-cli search, and slack-cli channel read ingest external data.
  - Boundary markers: There are no instructions provided to the agent to treat the Slack content as data rather than instructions.
  - Capability inventory: The agent has the capability to run the slack-cli tool to read workspace data.
  - Sanitization: No sanitization or filtering of the Slack content is mentioned or implemented in the skill instructions.
Audit Metadata