slack
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading external content.\n
- Ingestion points: The 'readMessages' and 'reactions' actions in 'SKILL.md' allow the agent to fetch message history and reactions from Slack.\n
- Boundary markers: There are no instructions provided to the agent to treat Slack message content as untrusted or to ignore instructions embedded within the messages.\n
- Capability inventory: The skill includes several powerful actions such as 'sendMessage', 'editMessage', 'deleteMessage', and 'pinMessage' that could be abused if an injection is successful.\n
- Sanitization: There is no evidence of input sanitization or validation of the message content before processing.
Audit Metadata