slack-rs
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install the 'slack-rs' CLI tool from an untrusted GitHub repository (tumf/slack-rs) or via crates.io. These sources are not included in the trusted provider list.
- [COMMAND_EXECUTION] (LOW): The skill is built to execute local shell commands via the 'slack-rs' binary to interact with the Slack API.
- [CREDENTIALS_UNSAFE] (LOW): The documentation explicitly points to '~/.config/slack-rs/' as the storage for OAuth tokens and secrets, and provides usage for 'auth export' which could be used to expose these credentials.
- [PROMPT_INJECTION] (LOW): (Indirect Prompt Injection) The skill possesses an ingestion point for untrusted data via Slack channel history ('slack-rs conv history'). Ingestion points: 'slack-rs conv history' in SKILL.md. Boundary markers: None present. Capability inventory: Full Slack API access including message posting and deletion. Sanitization: No sanitization logic documented for processed message content.
Audit Metadata