slack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill has a defined surface for indirect prompt injection attacks because it reads data from external sources.
  - Ingestion points: The skill uses `readMessages`, `listPins`, and `reactions` actions to ingest content from Slack, which is controlled by third-party users.
  - Boundary markers: The skill documentation does not provide delimiters or instructions to the agent to distinguish between system instructions and data ingested from Slack.
  - Capability inventory: The skill possesses significant capabilities including `sendMessage`, `editMessage`, and `deleteMessage`. If an attacker-controlled Slack message is processed as an instruction, it could result in unauthorized message manipulation.
  - Sanitization: No sanitization or validation logic is defined within the skill documentation to filter or escape content retrieved from the Slack API.
Audit Metadata