slack
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting data from an external source.
- Ingestion points: The
readMessagesaction inSKILL.mdallows the agent to pull untrusted content from Slack channels into its context. - Boundary markers: The skill does not define specific delimiters or instructions to treat ingested message content as untrusted data.
- Capability inventory: The skill includes actions to
sendMessage,editMessage,deleteMessage,pinMessage, andreact, providing a range of actions an attacker could attempt to trigger. - Sanitization: No evidence of content sanitization or validation is present in the tool definition.
- [NO_CODE]: The skill contains no executable scripts (e.g., Python, JavaScript) or binaries. It consists entirely of a markdown file defining tool parameters and usage examples.
Audit Metadata