messaging
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data.
- Ingestion points: Message text is retrieved via 'list-messages' and 'get-thread' actions defined in 'skill-router.json'.
- Boundary markers: No delimiters or protective instructions are used in 'SKILL.md' to separate message data from agent instructions.
- Capability inventory: The skill's ability to read history and send messages ('send' action) creates a surface for potential multi-step injection chains.
- Sanitization: There is no evidence of filtering or escaping performed on the content retrieved from Slack.
Audit Metadata