slack
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard
curlcommands to interact with the Slack Web API. These commands are used as intended for API communication and do not involve arbitrary shell execution or unsafe command piping. - [CREDENTIALS_SAFE]: Authentication is handled correctly using the
SLACK_TOKENenvironment variable. The skill avoids hardcoding secrets, leveraging the platform's secret injection mechanism (vm0_secrets). - [DATA_EXFILTRATION]: All network operations target
slack.comand its subdomains, which are recognized well-known services. No unauthorized data exfiltration to unknown or suspicious domains was detected. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The
conversations.historymethod allows the agent to read message history from Slack, which constitutes an ingestion point for untrusted external data. - Boundary markers: Not explicitly defined in the provided documentation snippets.
- Capability inventory: The skill provides write capabilities including sending messages (
chat.postMessage), uploading files (files.upload), and deleting content (chat.delete). - Sanitization: The skill documentation does not specify sanitization for message content, which is a standard characteristic of API-based communication tools.
Audit Metadata