slack-rich-output

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly documents rendering and processing of user-shared/public URLs and remote content (e.g., Work Objects / link unfurl via chat.unfurl with app_unfurl_url, image/video blocks using image_url/video_url, external_select with an options load URL and remote file references), which means the agent will ingest and display arbitrary third-party/user-provided content that could carry indirect prompt injection.