agent-slack
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions recommend downloading and executing a shell script from the vendor's official GitHub repository (https://raw.githubusercontent.com/stablyai/agent-slack/main/install.sh) by piping it directly to the shell.
- [EXTERNAL_DOWNLOADS]: The skill documents installation via the agent-slack npm package and the Nix package manager, which involves downloading software from external registries.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various Slack automation tasks using the agent-slack CLI binary, which is expected to be present on the system path.
- [PROMPT_INJECTION]: The skill includes instructions to bypass platform security heuristics that force manual approval prompts. The agent is directed to avoid specific command patterns (such as using #, empty strings, or logical operators) to ensure commands are auto-allowed without user intervention.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from Slack messages, threads, and file content.
  - Ingestion points: Slack message text, thread summaries, and file attachments fetched via agent-slack message get, message list, and search (documented in SKILL.md and references/output.md).
  - Boundary markers: No specific delimiters or instructions are provided to separate untrusted Slack data from agent instructions.
  - Capability inventory: The skill executes CLI commands via the agent-slack tool and performs file system writes when downloading attachments (documented in references/output.md).
  - Sanitization: Basic sanitization of mentions and escaping of special characters are performed for output, but no sanitization is applied to incoming untrusted data.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/stablyai/agent-slack/main/install.sh - DO NOT USE without thorough review
Audit Metadata