slack
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection due to its core function of reading untrusted external data.\n
- Ingestion points: Untrusted data enters the agent's context when it captures message text or workspace state via
agent-browser get textandagent-browser snapshotas detailed inSKILL.mdandreferences/slack-tasks.md.\n - Boundary markers: The instructions lack explicit delimiters or safety warnings to distinguish between trusted system instructions and untrusted content retrieved from Slack.\n
- Capability inventory: The agent has the capability to perform actions in the Slack UI, such as clicking buttons, entering text, and navigating channels using the
agent-browsertool, which could be abused if malicious instructions are found in a message.\n - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from Slack before the agent processes it.
Audit Metadata