ce-slack-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Because the skill explicitly fetches and ingests user-generated Slack content (workspace channels, threads, and messages) as part of its required workflow—see Execution ("Slack MCP discovery, search execution, thread reads")—allowing untrusted third-party messages to influence the agent's analysis and actions.