slack-development
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on Slack user-generated events (e.g., message.im, app_mention) — see SKILL.md and references/slack-inbound-message-formats.md and references/chat-sdk-payload-contract.md — and uses message.text/attachments/isMention to drive routing and assistant.threads.* calls, so untrusted third-party Slack content can influence agent actions.
Issues (1)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).