slack-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated Slack messages from workspace channels using the composio-config MCP tools (SLACK_FETCH_CONVERSATION_HISTORY and SLACK_SEARCH_MESSAGES) and then uses those messages to extract wins, metrics, and drive reporting, so untrusted third-party content can directly influence agent behavior.