slack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly exposes Slack API endpoints such as GET /slack/api/conversations.history and GET /slack/api/search.messages (and related files/messages endpoints) which let the agent fetch user-generated Slack messages/files from third-party workspaces that could contain instructions and therefore influence subsequent actions.