pp-slack

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the slack-pp-cli and slack-pp-mcp tools from the author's repository (github.com/mvanhorn/printing-press-library) and via npx using the @mvanhorn/printing-press package. These resources are provided by the author of the skill.
  • [COMMAND_EXECUTION]: Interacts with Slack by executing the slack-pp-cli binary. Commands include workspace searches, channel history exports, and message sending. Usage of the --agent flag ensures structured JSON output for the agent.
  • [PROMPT_INJECTION]: The skill retrieves and processes Slack message content, which represents an indirect prompt injection surface.
  • Ingestion points: Content is ingested through the search, digest, health, and activity commands in SKILL.md.
  • Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted Slack content from the agent's instructions.
  • Capability inventory: The skill leverages the Read Bash tool to execute CLI commands and interact with the file system (via sync).
  • Sanitization: There is no documentation of sanitization or filtering of Slack message data before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 04:50 AM
Security Audit — agent-trust-hub — pp-slack