Skills
skills/oimiragieo/agent-studio/slack-expert/Gen Agent Trust Hub

slack-expert

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.\n
  • Ingestion points: The skill defines multiple entry points for untrusted data from the Slack platform, specifically through slash commands (app.command), event subscriptions (app.event), and modal submissions (app.view).\n
  • Boundary markers: The code examples demonstrate direct interpolation of user-controlled data (such as command.text and view.state.values) without implementing LLM-specific boundary markers or explicit instructions to ignore embedded commands.\n
  • Capability inventory: The skill's configuration includes powerful tools such as Bash, WebFetch, Read, Write, and Edit (documented in SKILL.md frontmatter), which could be targeted by an attacker-controlled Slack payload.\n
  • Sanitization: There is an absence of sanitization or validation logic in the provided code snippets to filter or escape instructions embedded within the text fields of the Slack data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 04:50 PM