Skills
skills/qverisai/qverisbot/slack/Gen Agent Trust Hub

slack

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from Slack channels.
  • Ingestion points: The readMessages action retrieves untrusted content from Slack channels and DMs into the agent's context.
  • Boundary markers: There are no explicit instructions or delimiters provided to help the agent distinguish between its instructions and the content of the messages it reads.
  • Capability inventory: The skill provides write-access capabilities including sendMessage, editMessage, deleteMessage, pinMessage, and unpinMessage, which could be abused if the agent obeys instructions embedded in read messages.
  • Sanitization: No sanitization or validation of the message content is defined within the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:22 AM