Skills
skills/wellapp-ai/well/slack-announce/Gen Agent Trust Hub

slack-announce

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWNO_CODE
Full Analysis

The provided SKILL.md file is a Markdown document that describes a process for generating formatted Slack messages. It defines phases, message types, emoji selection, closing phrases, and message templates. Crucially, it does not contain any executable code, shell commands, Python scripts, or any other form of active code that would run on the agent's system.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override your constraints', 'You are now jailbroken') were found in the descriptive text or metadata.
  2. Data Exfiltration: Not applicable, as there are no commands or scripts to read files or perform network requests.
  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected within the Markdown content.
  4. Unverifiable Dependencies: The skill mentions an 'Optional Slack MCP Integration' and refers to a 'setup skill' for its installation. However, this SKILL.md itself does not perform any installation or download of external dependencies. It merely describes an optional integration point. This is noted as an informational item but does not pose a direct security risk from this skill's execution.
  5. Privilege Escalation: Not applicable, as there are no commands or scripts that could attempt to escalate privileges.
  6. Persistence Mechanisms: Not applicable, as there are no commands or scripts that could establish persistence.
  7. Metadata Poisoning: The name and description fields in the front matter are benign and do not contain any malicious instructions.
  8. Indirect Prompt Injection: The skill generates messages based on input. If the input itself comes from an untrusted source (e.g., a malicious PR title or issue description), it could lead to the generation of a misleading Slack message. However, this is a general risk associated with processing untrusted input in any LLM application and not a vulnerability in the skill's definition itself. The skill does not execute the generated message; it merely formats it.
  9. Time-Delayed / Conditional Attacks: Not applicable, as there is no executable code to implement conditional logic based on time or other factors.

Given that the skill is entirely descriptive and contains no executable components, it is classified as a 'no-code' skill and is considered safe.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 02:19 PM