slack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): The skill executes its primary logic by calling the refly CLI through a bash shell. Passing user-provided strings (message_content) into these commands could lead to local command injection if the agent environment fails to properly escape input.
- [Indirect Prompt Injection] (LOW): The skill accepts untrusted data and forwards it to an external messaging service (Slack).
  - Ingestion points: message_content input parameter in SKILL.md.
  - Boundary markers: No markers or 'ignore' instructions are present.
  - Capability inventory: The skill can post messages to arbitrary Slack channels.
  - Sanitization: No sanitization or validation of the input message is specified.
- [External Downloads] (LOW): The skill's installation instructions reference an external source (refly.ai) which is not among the whitelisted trusted providers, although this is the standard mechanism for the platform.