slack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes external data via template variables which are interpolated into Slack messages.
  1. Ingestion points: Variables provided to the 'notify' command or 'sendNotification' API.
  2. Boundary markers: Absent; no specific delimiters or instruction-ignore warnings are described.
  3. Capability inventory: Writing messages, uploading files, and managing channels via the Slack API.
  4. Sanitization: Not specified in the documentation.
- Data Exposure & Exfiltration (SAFE): The skill stores message history and templates in a local SQLite database at '~/.openclaw/skills/slack/{profile}.db' with 0600 permissions, which is a security best practice for local storage.
- EXTERNAL_DOWNLOADS (SAFE): The package.json specifies standard dependencies, including a local file-based dependency for authentication logic.