slack-realtime-events

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests and acts on arbitrary user-generated Slack content (e.g., message and app_mention handlers like handleMessageEvent and handleAppMention, modal submissions, and slash commands), so the agent will read untrusted third-party inputs from Slack that could carry indirect prompt injections.