slack-api
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE] (SAFE): No malicious behavior, prompt injection, or obfuscation was detected. The skill uses standard libraries for its intended purpose of Slack workspace automation.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation references official packages (
slack-bolt,slack-sdk) and common utilities (python-dotenv,ngrok). These are from trusted sources and are standard for this type of development. - [CREDENTIALS_UNSAFE] (SAFE): The code examples correctly demonstrate accessing sensitive tokens (SLACK_BOT_TOKEN, etc.) via environment variables rather than hardcoding them.
- [COMMAND_EXECUTION] (SAFE): The README includes instructions for the user to run
pip installandcurlfor setup and testing. These are transparent and expected for a technical guide. - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: The skill processes untrusted data from Slack users through message listeners and slash commands (e.g.,
app.message("hello")). - Boundary markers: No specific boundary markers or sanitization are shown in the basic examples.
- Capability inventory: The skill has the capability to send and update messages in Slack channels.
- Sanitization: The basic examples do not demonstrate input sanitization, which is a common pattern in introductory documentation but constitutes a potential surface for injection if the bot outputs user content directly into sensitive contexts.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata