slack
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for browser automation using the
agent-browsertool to interact with Slack workspaces. All connections target the legitimateapp.slack.comdomain. The skill correctly emphasizes using existing sessions and provides comprehensive documentation for its workflows. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from Slack messages and channel names. This finding is classified as safe as it is inherent to the skill's purpose and does not involve the dynamic execution of retrieved content.
- Ingestion points: Untrusted content is ingested from Slack messages and metadata via
agent-browser snapshotandagent-browser get textinSKILL.mdandreferences/slack-tasks.md. - Boundary markers: The provided templates and workflows do not currently use specific boundary markers or instructions to ignore embedded content in Slack data.
- Capability inventory: The available tools are restricted to browser automation (clicking, filling forms, screenshots, scrolling) and do not include capabilities for arbitrary command execution or system-level modification.
- Sanitization: No specific sanitization logic is implemented for the data retrieved from Slack, relying instead on the agent's internal safety protocols.
Audit Metadata