slack-web-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and returns user-generated Slack messages (commands like channel_history, thread, and search in scripts/slack_web_api.ts and the SKILL.md "Pattern: read + analyze a channel" which instructs fetching channel_history to /tmp/slack.json) — these are untrusted third-party messages the agent is expected to read and could influence subsequent analysis or actions.