skills/iii-hq/workers/slack/Gen Agent Trust Hub

slack

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to ingest and process untrusted data from Slack conversations. \n- Ingestion points: The skill uses Slack API methods like slack::conversations::* and slack::search::messages to read external message content into the agent context. \n- Boundary markers: No specific boundary markers or 'ignore embedded instructions' directives are defined to isolate external data from system prompts. \n- Capability inventory: The skill provides extensive write and administrative capabilities (e.g., slack::chat::*, slack::call) that could be manipulated if an agent obeys instructions embedded in Slack messages. \n- Sanitization: The documentation does not specify sanitization or validation routines for incoming Slack data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 03:11 PM
Security Audit — agent-trust-hub — slack