slack
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill enables the agent to read messages from external Slack channels, which creates a surface for indirect prompt injection (Category 8).
  - Ingestion points: The `readMessages` action ingests untrusted text directly from Slack channel history into the agent's context.
  - Boundary markers: The documentation does not specify the use of delimiters or instructions for the agent to ignore potentially malicious instructions embedded within retrieved messages.
  - Capability inventory: The skill provides significant capabilities, including `sendMessage`, `editMessage`, `deleteMessage`, and `pinMessage`, which could be triggered by instructions found in ingested data.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the message content before it is processed by the agent.
- [NO_CODE]: The skill consists entirely of documentation and configuration for a pre-existing `slack` tool. It does not include any executable scripts, binaries, or third-party package dependencies.
Audit Metadata