slack-bot-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): Code templates use environment variables (os.environ) for all Slack secrets and tokens, avoiding hardcoded credentials. No data exfiltration patterns were found.
- [Indirect Prompt Injection] (SAFE): The skill provides patterns for Slack message handling. While applications built with these templates will ingest user data, the templates themselves are safe for the agent to use and do not contain malicious instructions.
- [Unverifiable Dependencies] (SAFE): The skill references official Slack libraries (slack-bolt, slack-sdk) from trusted sources. No unauthorized external downloads or remote code execution methods were identified.
Audit Metadata