hitl-approval
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted human feedback from Slack, creating an indirect prompt injection surface.\n
- Ingestion points: User data enters via the Slack interactions webhook in
apps/slack/app/api/slack/interactions/route.ts.\n - Boundary markers: There are no markers or instructions defined to prevent the agent from interpreting feedback as new commands.\n
- Capability inventory: The agent has access to several high-privilege tools, including
Bash,Write, andEdit.\n - Sanitization: The skill performs signature verification to authenticate Slack as the source, but does not sanitize the content for prompt-based attacks.
Audit Metadata