slack-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill consumes and acts on untrusted Slack user-generated content (e.g., app.message(/deploy/), app.event('app_mention'), slash command handlers like /approve-request and /report, action values, and modal submissions) and uses that content to trigger deployments, approvals, report generation, and other follow-on actions, so messages from third parties could materially influence tool use or decisions.