GHSA-qvpf-j64c-jmhr: PraisonAI Slack app_mention bypasses configured user/channel authorization
PraisonAI’s Slack bot applies its configured allowed_users,
allowed_channels, and unknown-user pairing policy in the normal Slack
message event handler, but not in the adjacent Slack app_mention event
handler.
A Slack workspace user who can mention the bot in a channel where the Slack app is present can trigger the configured PraisonAI agent even when:
- the sender is not in BotConfig.allowed_users;
- the channel is not in BotConfig.allowed_channels;
- unknown_user_policy="deny" is configured; and
- the same event content is correctly dropped by the normal message handler.
This is a sibling-handler guard-coverage issue. Slack documents
app_mention as a distinct event type rather than a message.* event, so
deployments subscribed to app mentions can route unauthorized sender input
around the guarded message path.
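As an added illustration of the fix pattern (this is not PraisonAI's own code), a minimal event dispatcher in which the message and app_mention handlers share a single authorization guard, so neither event type can route around the other's policy. The BotConfig fields come from the advisory; the event shapes, the "deny"-versus-anything-else reading of unknown_user_policy, and the sample IDs are simplifying assumptions.

```python
# Added example, not PraisonAI's code: one shared guard for every inbound
# Slack event handler, so app_mention and message are checked identically.
from dataclasses import dataclass, field


@dataclass
class BotConfig:
    allowed_users: set = field(default_factory=set)     # Slack user IDs
    allowed_channels: set = field(default_factory=set)  # Slack channel IDs
    unknown_user_policy: str = "deny"  # assumption: "deny" or "pair"


def is_authorized(config: BotConfig, user: str, channel: str) -> bool:
    """Single policy check; every handler must call this before acting."""
    # Channel allow-list applies to all senders (empty set = any channel).
    if config.allowed_channels and channel not in config.allowed_channels:
        return False
    if user in config.allowed_users:
        return True
    # Unknown sender: only a non-"deny" pairing policy may admit them.
    return config.unknown_user_policy != "deny"


# The guard is applied at the dispatch layer, not inside each handler, so
# adding a new event subscription cannot silently skip it.
GUARDED_EVENTS = ("message", "app_mention")


def handle_event(config: BotConfig, event: dict) -> str:
    """Returns 'dropped', 'ignored', or 'agent:<text>' for checking."""
    if event.get("type") not in GUARDED_EVENTS:
        return "ignored"
    if not is_authorized(config, event.get("user", ""), event.get("channel", "")):
        return "dropped"
    return "agent:" + event.get("text", "")


# Constructed sample events (IDs are made up) covering the advisory's cases.
SAMPLE_EVENTS = [
    {"type": "message", "user": "U_STRANGER", "channel": "C_ALLOWED", "text": "hi"},
    {"type": "app_mention", "user": "U_STRANGER", "channel": "C_ALLOWED", "text": "<@bot> run"},
    {"type": "app_mention", "user": "U_ALLOWED", "channel": "C_OTHER", "text": "<@bot> run"},
    {"type": "app_mention", "user": "U_ALLOWED", "channel": "C_ALLOWED", "text": "<@bot> run"},
]


def run_samples(config: BotConfig) -> list:
    return [handle_event(config, e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    cfg = BotConfig({"U_ALLOWED"}, {"C_ALLOWED"}, "deny")
    for ev, outcome in zip(SAMPLE_EVENTS, run_samples(cfg)):
        print(ev["type"], ev["user"], ev["channel"], "->", outcome)
```

With this layout, a stranger's app_mention in an allowed channel is dropped exactly like the equivalent message event, which is the behaviour the unguarded sibling handler lacked.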