slack-user-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-generated Slack content (messages, threads, search results, and canvases) via the Slack API (see scripts/slack_user_cli.py: read, thread, url, search, canvas/_fetch_canvas_content and the SKILL.md "Channel Summary Workflow"), and that content is used to summarize and draft/send messages — so untrusted third-party content in Slack can materially influence agent decisions and actions.