slack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests user-generated Slack workspace content via the Slack API (see SKILL.md commands like read/list and OAuth scopes such as channels:history and im:history), and the agent is expected to read and act on those messages when drafting or deciding to send replies, so untrusted third‑party content can influence behavior.