slack-qa-investigate
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill is designed to search and read local files and fetch external web content. This capability could be leveraged to expose sensitive configuration files or environment secrets if they exist within the repository's scope.
- EXTERNAL_DOWNLOADS (LOW): The instructions encourage fetching content from external URLs and third-party documentation. This introduces a risk where the agent may process untrusted or malicious content from the web.
- COMMAND_EXECUTION (SAFE): The skill permits 'safe shell commands' but explicitly forbids operations with side effects like file writes or installs. The safety depends on the LLM's interpretation of 'safe'.
- Indirect Prompt Injection (LOW): The skill has a significant attack surface for indirect injections. Ingestion points: Fetched web pages, external documentation, and local repository files. Boundary markers: Absent; there are no instructions to treat file content strictly as data or to ignore embedded commands. Capability inventory: Read-only shell commands, file reading, and web fetching tools. Sanitization: Absent; the skill does not include logic to filter or sanitize data retrieved from external sources before processing.
Audit Metadata