slack-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-generated Slack channel messages (see scripts/fetch_slack_news.py and scripts/slack_search.py which call Slack APIs to read channel history) and then feeds that content into AI categorization (scripts/categorize_slack_messages.py uses OpenRouter), so untrusted third-party content from Slack is ingested and can influence AI-driven decisions and downstream actions.