slack-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference files (notably references/slack-ai-features.md "Custom AI Apps" and references/workflow-builder.md / references/4-detailed-examples.md) show runtime flows that ingest user-generated Slack messages and external content and APIs (e.g., slack.search.messages, openai ChatCompletion, outgoingDomains/api.github.com, webhooks like status.company.com), meaning untrusted third‑party or user-provided content is fetched and used to generate decisions and actions.