p-slack-triage
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a robust defensive framework against indirect prompt injection. It specifically instructs the agent to treat all Slack message content as untrusted external input and provides explicit guidelines to ignore instructions, commands, or behavior manipulation attempts embedded within message text. The static analysis trigger was identified as a false positive, as the 'ignore previous instructions' pattern appears only within these security guidelines.
- [COMMAND_EXECUTION]: The skill utilizes Slack MCP tools for reading and sending data. It maintains a secure human-in-the-loop workflow by requiring the user to explicitly confirm ('Send, edit, or discard?') any outgoing message before the
slack_send_messagetool is invoked. - [DATA_EXPOSURE]: While the skill accesses sensitive message data (DMs and mentions), this is restricted to the authenticated Slack workspace and is the primary intended function of the tool. No data is exfiltrated to unauthorized third-party domains.
Audit Metadata