synthesis-slack-sync
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (`thread_checker.py`) to analyze transcript files and identify threads that require re-syncing. This script uses standard Python library modules and operates solely on local files provided via command-line arguments.
- [DATA_EXPOSURE]: The skill reads Slack messages and writes them to local markdown transcript files in the user's home directory. It also manages a local configuration file (`.claude/slack-sync.yaml`) and an action plan. This file access is intrinsic to the skill's purpose and does not involve exfiltration to external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from Slack, which is an external source that could contain malicious instructions.
  - Ingestion points: Slack message content ingested via `slack_read_channel` and `slack_read_thread` MCP tools.
  - Boundary markers: Transcript files use structured markdown headers (`## #channel-name`, `### [Author]`) to delimit different messages and metadata.
  - Capability inventory: The agent can read/write local files and execute the provided `thread_checker.py` script.
  - Sanitization: The protocol requires the agent to use a strict 'Draft Message Format' and verify facts against primary sources (e.g., source code, deploy logs) before drafting replies, which serves as a verification layer against potentially malicious data in Slack threads.
Audit Metadata