slack-user-cli
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Slack content (messages, threads, search results, and canvas HTML) as part of its Channel Summary Workflow and via commands like read/thread/url/canvas in SKILL.md and scripts/slack_user_cli.py (e.g., conversations_history/conversations_replies, search_messages, _fetch_canvas_content), so untrusted third-party content is parsed and used to generate summaries and drive actions.
Audit Metadata