slack-api

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation references official libraries for Slack integration and development tools.
      • Evidence: Installation of slack-bolt, slack-sdk, and python-dotenv from standard Python package registries.
      • Additional tools such as ngrok, a well-known and trusted service in this context, are suggested for local development.
  • [PROMPT_INJECTION]: The skill provides templates for handling external input from Slack, creating a potential surface for indirect prompt injection.
      • Ingestion points: Handler functions in SKILL.md and README.md process data from Slack message events, slash commands, and interactive modal submissions.
      • Boundary markers: The examples include basic character escaping but do not implement specific delimiters for isolating untrusted data from AI instructions.
      • Capability inventory: The provided bot patterns have permissions to post messages (chat_postMessage), update content, and interact with external webhooks.
      • Sanitization: Includes a utility for escaping special characters (&, <, >) and validation logic for input fields in modals.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 03:13 AM