slack-bot-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • CREDENTIALS_UNSAFE (SAFE): The code snippets consistently use environment variables (e.g., os.environ['SLACK_BOT_TOKEN']) rather than hardcoding secrets. The OAuth pattern explicitly includes placeholders for encryption and decryption logic when storing tokens in a database.
  • EXTERNAL_DOWNLOADS (SAFE): No unauthorized or suspicious external downloads are present. The skill references official Slack documentation and standard libraries.
  • REMOTE_CODE_EXECUTION (SAFE): There are no patterns for remote code execution. The functionality is restricted to Slack API interactions and event handling via the Bolt framework.
  • DATA_EXFILTRATION (SAFE): No unauthorized data exfiltration patterns were identified. Data transmission is limited to communication with Slack's official API endpoints through standard SDKs.
  • INDIRECT_PROMPT_INJECTION (LOW): While the skill builds bots that process user-generated content (messages and slash commands), it does not include LLM-based processing of that data within the provided snippets. It follows standard Slack development patterns which are inherently subject to input from untrusted users, but it provides guidance on proper state validation and acknowledgement in its 'Sharp Edges' section.
  • DYNAMIC_EXECUTION (SAFE): The skill uses static code patterns and official SDK imports; no dynamic execution (eval/exec) or runtime code generation was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM