Skills
skills/vm0-ai/vm0-skills/slack/Gen Agent Trust Hub

slack

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses curl to interact with Slack's official Web API endpoints for messaging and management tasks.
  • [DATA_EXFILTRATION]: Accesses the $SLACK_TOKEN environment variable to authenticate requests and retrieves workspace information, including message history and user profiles, which is necessary for its intended functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Slack messages and files, creating a potential surface for indirect prompt injection.
  • Ingestion points: Retrieves data through conversations.history, conversations.replies, search.messages, search.files, and files.info as documented in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when processing retrieved content.
  • Capability inventory: The skill has broad capabilities including sending messages (chat.postMessage), managing users (users.profile.set), and deleting files (files.delete) across its documented functions.
  • Sanitization: No explicit sanitization or filtering of data retrieved from the Slack API is specified in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM