slack
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it is designed to ingest and process untrusted data from external Slack channels and messages via the
conversations.historyandconversations.listmethods. Maliciously crafted messages in Slack could potentially influence agent behavior. - Ingestion points: Slack API endpoints for history and message retrieval in SKILL.md.
- Boundary markers: None present; the instructions do not explicitly tell the agent to ignore instructions embedded in the retrieved messages.
- Capability inventory: The skill allows writing to Slack via
chat.postMessageandfiles.uploadV2as described in SKILL.md. - Sanitization: No explicit sanitization or filtering of Slack message content is mentioned in the instructions.
- [SAFE]: The skill correctly uses environment variables (
SLACK_BOT_TOKEN) for authentication rather than hardcoding credentials, which is a standard safe practice for secret management. - [SAFE]: Network operations are directed at the official Slack API domain (
slack.com) and the vendor's own integration domain (superwall.ai), which is consistent with the skill's stated purpose.
Audit Metadata