slack
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses environment variables (SLACK_BOT_TOKEN, SLACK_APP_TOKEN) for Slack API authentication, adhering to standard security practices for credential management.
- [COMMAND_EXECUTION]: The use of import calls in several scripts for inline path manipulation to enable local module imports is benign and does not execute untrusted code.
- [PROMPT_INJECTION]: The skill ingests data from external Slack messages, creating a surface for indirect prompt injection. The documentation specifies mitigations such as input fencing.
- Ingestion points: Data enters via slack_read.py, slack_search.py, and the inbox.jsonl file.
- Boundary markers: Documentation in references/daemon-architecture.md explicitly recommends fencing user input to mitigate this risk.
- Capability inventory: The skill uses the requests library to perform discrete Slack API actions.
- Sanitization: Instructions specify that external content should be treated as untrusted input.
Audit Metadata