slack-development
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown files and reference documentation for Slack integration. It does not contain executable code, scripts, or remote downloads.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were identified. External links point to official documentation domains including slack.dev, vercel.com, and chat-sdk.dev.
- [PROMPT_INJECTION]: No instructions attempting to bypass safety filters or override agent behavior were found.
- [SAFE]: Indirect prompt injection surface was evaluated. 1. Ingestion points: Slack inbound events (app_mention, message.*) defined in references/slack-inbound-message-formats.md. 2. Boundary markers: Explicit escaping rules for dynamic text ('&', '<', '>') in references/slack-output-formatting.md. 3. Capability inventory: Slack API interactions such as posting messages and setting assistant status/titles. 4. Sanitization: Outbound messages are sanitized via mrkdwn escaping rules.
Audit Metadata