Skills
skills/openhands/skills/slack-channel-monitor/Gen Agent Trust Hub

slack-channel-monitor

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The setup workflow uses shell commands to verify Slack tokens, resolve channel IDs, and interact with the OpenHands automation API. This includes piping API responses to local Python snippets for data processing.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the official Slack API (slack.com) to poll messages and post responses. It also performs local discovery of ngrok tunnels to resolve external URLs for developer convenience. These involve well-known and trusted services.
  • [DATA_EXFILTRATION]: The skill manages sensitive Slack authentication tokens (SLACK_BOT_TOKEN and SLACK_USER_TOKEN). These are transmitted only to the official Slack API for their intended purpose. The skill also propagates existing user secrets to triggered sub-conversations to ensure the responding agent has the necessary permissions to fulfill requests.
  • [PROMPT_INJECTION]: Because the skill processes untrusted message content from Slack, it is exposed to indirect prompt injection. The skill mitigates this by wrapping message data in clear instructional boundaries within the generated prompt, explicitly directing the agent to ignore instructions embedded in the historical context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:21 AM
Security Audit — agent-trust-hub — slack-channel-monitor