slack
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to ingest and process untrusted data from Slack conversations. \n- Ingestion points: The skill uses Slack API methods like
slack::conversations::*andslack::search::messagesto read external message content into the agent context. \n- Boundary markers: No specific boundary markers or 'ignore embedded instructions' directives are defined to isolate external data from system prompts. \n- Capability inventory: The skill provides extensive write and administrative capabilities (e.g.,slack::chat::*,slack::call) that could be manipulated if an agent obeys instructions embedded in Slack messages. \n- Sanitization: The documentation does not specify sanitization or validation routines for incoming Slack data.
Audit Metadata