slack
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to interact with external Slack content, which introduces an attack surface where malicious instructions could be embedded in messages. \n
- Ingestion points: Slack channel content retrieved via the
readMessagesaction. \n - Boundary markers: Absent. The instructions do not direct the agent to treat retrieved message content as untrusted data or use specific delimiters. \n
- Capability inventory: The skill possesses multiple active capabilities including sending, editing, and deleting messages (
sendMessage,editMessage,deleteMessage), managing reactions (react), and pinning content (pinMessage). \n - Sanitization: Absent. No sanitization or validation of the retrieved Slack content is specified in the instruction file.
Audit Metadata