slack
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from data retrieved from the Slack workspace.
  - Ingestion points: The agent ingests external, untrusted content from Slack messages and search results using `agent-browser get text` and `agent-browser snapshot` in `SKILL.md` and `references/slack-tasks.md`.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The skill utilizes the `agent-browser` tool to perform navigation, clicking, form filling, and taking screenshots across all referenced files.
  - Sanitization: No sanitization or validation of the content retrieved from Slack is performed before processing.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `agent-browser` CLI tool via bash commands to automate browser actions.
  - Evidence: Bash blocks in `SKILL.md` and `references/slack-tasks.md` demonstrate the use of `agent-browser connect`, `agent-browser open`, and `agent-browser click` to programmatically control a browser session.
Audit Metadata