slack-block-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Work Objects / Unfurl workflow (references/WORK-OBJECTS.md and SKILL.md) explicitly describes handling user-shared external URLs (link_shared → chat.unfurl and entity_details_requested → entity.presentDetails) and returning metadata/actions derived from those arbitrary public URLs, so the agent would ingest and act on untrusted third‑party content posted by users.