slack-bot-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill follows security best practices by using environment variables for API tokens and signing secrets. It provides clear guidance on secure OAuth implementation and persistence.
- [Indirect Prompt Injection] (SAFE): While the skill processes untrusted Slack messages, which is an inherent attack surface for bots, the provided patterns focus on legitimate functionality.
  * Ingestion points: SKILL.md examples process message payloads and incident data.
  * Boundary markers: Not explicitly implemented in the high-level patterns provided.
  * Capability inventory: Includes message posting (say) and UI interaction (views_open).
  * Sanitization: Not explicitly shown.
Audit Metadata