slack

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to interact with external Slack content, which introduces an attack surface where malicious instructions could be embedded in messages. \n
  • Ingestion points: Slack channel content retrieved via the readMessages action. \n
  • Boundary markers: Absent. The instructions do not direct the agent to treat retrieved message content as untrusted data or use specific delimiters. \n
  • Capability inventory: The skill possesses multiple active capabilities including sending, editing, and deleting messages (sendMessage, editMessage, deleteMessage), managing reactions (react), and pinning content (pinMessage). \n
  • Sanitization: Absent. No sanitization or validation of the retrieved Slack content is specified in the instruction file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — slack