messaging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and maps Slack user-generated messages and thread replies via the Slack API (see SKILL.md "list messages"/"get-thread" and skill-router.json upstream paths /conversations.history and /conversations.replies), and those untrusted third-party messages could be interpreted by the agent and influence subsequent send/react actions, enabling indirect prompt injection.