slack-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches and ingests user-generated Slack workspace content via network API calls to slack.com (see scripts/slack/slack-client.js and the CLI in scripts/slack/slack.js used by SKILL.md workflows) and even loads workspace HTML in scripts/slack/extract-tokens.js, so untrusted messages/pages from third-party workspaces are read and can influence the agent's outputs and subsequent actions.