pp-slack
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
slack-pp-cliandslack-pp-mcptools. - Binaries are downloaded from the author's GitHub repository (
github.com/mvanhorn/printing-press-library) viago install. - An installer is fetched from the NPM registry using
npx -y @mvanhorn/printing-press. - These external resources originate from the identified skill author's infrastructure.
- [COMMAND_EXECUTION]: The skill uses local command execution to perform Slack operations.
- Executes
slack-pp-clifor tasks such as searching messages, listing users, and analyzing workspace activity. - Invokes
claude mcp addto register the MCP server with the agent environment. - [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection due to its interaction with external workspace data.
- Ingestion points: Data enters the agent context via
slack-pp-clicommands that read Slack message history, channel content, and thread data (e.g.,search,digest,sync). - Boundary markers: The instructions do not define specific delimiters or security headers to isolate Slack data from the agent's core instructions.
- Capability inventory: The agent has the ability to execute further CLI commands and network requests based on the content it parses from Slack.
- Sanitization: There is no evidence of data sanitization or instruction filtering applied to the messages retrieved from the Slack API.
Audit Metadata