synthesis-slack-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads Slack channels and thread content via Slack MCP (see "Step 1: Read channels" and "Step 2: Re-read ALL active threads" using slack_read_channel and slack_read_thread in SKILL.md), ingests user-generated Slack messages as part of its workflow, and uses them to update action plans and draft/send replies—so untrusted third-party content can directly influence agent behavior.