slack-notification-triage

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection Surface: The skill processes external message content from Slack to perform its triage function. While standard for this use case, it represents a surface where the AI could encounter instructions embedded within user messages.
  • Ingestion points: Data enters the context from Slack channels, threads, and search results via slack_read_channel, slack_read_thread, and slack_search_public_and_private commands.
  • Capability inventory: The skill has the ability to interact with the Slack outgoing message skill to draft or send replies based on the triage results.
  • Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore instructions found within the Slack messages being processed.
  • Sanitization: No explicit sanitization or filtering of incoming message content is implemented in the prompt logic.
  • This pattern is common in summarization tasks. Implementing explicit markers or warnings to disregard instructions within processed data is a recommended practice to further strengthen the skill's robustness.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 03:11 PM