slack-bot-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows the app handling Slack messages (e.g., the @app.message("hello") handler) and requests OAuth scopes like channels:history and channels:read, which means the skill ingests user-generated Slack content (third-party/untrusted) and acts on it as part of its workflow, so that content could indirectly inject instructions that influence behavior.