skills/lox/slack-cli/slack/Gen Agent Trust Hub

slack

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing the slack-cli tool via Homebrew (lox/tap/slack-cli) or Go (github.com/lox/slack-cli). These resources are hosted on GitHub and originate from the skill author's own repositories.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run various slack-cli subcommands. The execution environment is restricted to the slack-cli command set through the allowed-tools YAML frontmatter configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from an external source (Slack).
      • Ingestion points: slack-cli view, slack-cli channel read, slack-cli thread read, and slack-cli search as defined in SKILL.md.
      • Boundary markers: Absent. The skill does not provide the agent with specific delimiters or instructions to ignore potential commands embedded within the retrieved Slack messages.
      • Capability inventory: The agent has the ability to execute shell commands, although these are scoped to the slack-cli tool.
      • Sanitization: Absent. The content fetched from Slack is processed directly without evidence of escaping or validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 01:10 AM