slack
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external Slack messages.
- Ingestion points: The
readMessagesaction inSKILL.mdallows the agent to ingest content from Slack channels into its context. - Boundary markers: There are no instructions or delimiters provided to the agent to treat message content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill possesses several write-capable actions including
sendMessage,editMessage,deleteMessage,react, andpinMessagewhich could be abused if the agent follows instructions found in read messages. - Sanitization: No sanitization or validation of the ingested Slack message content is performed before processing.
Audit Metadata