Skills
skills/devxoul/agent-messenger/agent-slackbot/Gen Agent Trust Hub

agent-slackbot

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the agent-messenger Node.js package from the npm registry to provide the agent-slackbot CLI functionality.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its interaction with external Slack data.
  • Ingestion points: The agent retrieves untrusted text content from Slack channels using the message list, message get, and message replies commands documented in SKILL.md.
  • Boundary markers: There are no instructions for the agent to use delimiters or ignore potential commands embedded within the retrieved message text.
  • Capability inventory: The agent has the capability to send messages, upload/download files, and manage reactions within the workspace using the agent-slackbot toolset.
  • Sanitization: The skill does not provide mechanisms or instructions for sanitizing or validating incoming message content before it is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:08 AM