slack
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from Slack conversations.\n
- Ingestion points: Slack messages, threads, and search results (documented in SKILL.md and references/slack-tasks.md).\n
- Boundary markers: Absent; the skill instructions do not define delimiters or specific safety warnings for the agent when processing external Slack content.\n
- Capability inventory: The skill utilizes the
agent-browsertool for UI interaction and data extraction; shell access is restricted to specific commands via frontmatter configuration.\n - Sanitization: Absent; no sanitization or filtering of message content is implemented before processing.\n- [SAFE]: All external interactions target official Slack domains (
app.slack.com) and use standard browser automation patterns.\n- [SAFE]: No hardcoded credentials, unauthorized data exfiltration paths, or obfuscated scripts were detected in the skill components.
Audit Metadata