slack
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Slack messages using the readMessages action. An attacker could craft a message in a Slack channel that, when read by the agent, contains instructions designed to hijack the agent's behavior or manipulate other actions.
  - Ingestion points: External data enters the agent context via the readMessages action in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the message content are defined.
  - Capability inventory: The skill possesses significant capabilities, including sendMessage, editMessage, deleteMessage, pinMessage, unpinMessage, and react.
  - Sanitization: The skill does not implement sanitization or validation of the retrieved message content before it is processed by the agent.
Audit Metadata