slack-respond

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and processes unhandled Slack messages from the Session Bridge inbox (see "Current Inbox" and Step 2/Step 4 in SKILL.md), which are user-generated/untrusted content that the agent must interpret and that can trigger research, file reads, reactions, memory updates, and other actions—so third-party content can materially influence tool use.