slack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically reads and parses user-generated Slack message content from the Slack desktop app (see unreads.py, search.py's EXTRACT_JS/EXTRACT_TEXT_JS and later.py which eval document.innerText via agent-browser/CDP), and uses that content to drive navigation, reactions, and sending actions, so untrusted third-party messages can influence agent behavior.