slack-web-api
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to override agent behavior, bypass safety guidelines, or extract system prompts. The content is strictly limited to API documentation.
- [Data Exposure & Exfiltration] (SAFE): There are no hardcoded credentials, sensitive file paths, or network exfiltration patterns. While the documentation mentions the Slack API base URL and authentication tokens, no actual secrets are included.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were detected in the documentation files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not include any dependency manifests (e.g., package.json, requirements.txt) or commands to download and execute remote scripts.
- [Indirect Prompt Injection] (SAFE): The skill defines an interface for interacting with Slack, which inherently involves processing external data (messages). However, as a documentation-only skill (NO_CODE), it lacks the executable surface required to directly exploit these ingestion points.
Audit Metadata