slack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs the agent to fetch and read Slack messages, threads, and channels via slack-cli (e.g., "slack-cli view", "channel read", "thread read"), which are user-generated, third-party workspace contents that the agent would interpret as part of its workflow and could therefore carry instructions that influence actions.