pp-slack
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the
slack-pp-cliandslack-pp-mcptools from the author's repository (github.com/mvanhorn/printing-press-library) and vianpxusing the@mvanhorn/printing-presspackage. These resources are provided by the author of the skill. - [COMMAND_EXECUTION]: Interacts with Slack by executing the
slack-pp-clibinary. Commands include workspace searches, channel history exports, and message sending. Usage of the--agentflag ensures structured JSON output for the agent. - [PROMPT_INJECTION]: The skill retrieves and processes Slack message content, which represents an indirect prompt injection surface.
- Ingestion points: Content is ingested through the
search,digest,health, andactivitycommands inSKILL.md. - Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted Slack content from the agent's instructions.
- Capability inventory: The skill leverages the
Read Bashtool to execute CLI commands and interact with the file system (viasync). - Sanitization: There is no documentation of sanitization or filtering of Slack message data before processing.
Audit Metadata