slack
Warn
Audited by Snyk on Feb 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's "readMessages" action (and other message-related actions) fetches and exposes Slack channel/DM text—user-generated, untrusted content from a third-party platform—that the agent is expected to read and could contain malicious or instructive payloads.
Audit Metadata