
Attachment: Fake Slack installer

Sublime Rules

Summary
This detection rule targets potentially malicious HTML attachments disguised as Slack installers. The rule matches inbound messages carrying attachments with HTML file extensions, then narrows to attachments in which computer vision models identify a Slack logo with medium or high confidence. It also applies natural language understanding to the text content of the HTML, looking for request phrases such as 'download'. If the HTML contains embedded URLs pointing to executable files (.exe) hosted on domains outside the organization's trusted domains, the rule triggers an alert. The rule's severity is classified as high because this social engineering tactic, which typically relies on brand impersonation, can deliver malware by tricking users into executing harmful files.
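The following is an added illustration of the detection logic described above, written here for this page; it is not the Sublime rule itself or any Sublime code. It implements the deterministic parts of the check with the Python standard library (attachment extension, a 'download' request phrase in the visible text, anchor URLs ending in .exe on hosts outside an allow-list) and treats the Slack-logo computer-vision result as an upstream classifier verdict passed in as a confidence label. The trusted-domain list, the HTML extension set and the sample attachment are constructed for the example and are not taken from the rule.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed values for the example (not from the rule page): the organization's
# trusted-domain allow-list and the attachment extensions treated as HTML.
TRUSTED_DOMAINS = frozenset({"corp.example", "slack.com"})
HTML_EXTENSIONS = frozenset({".html", ".htm", ".shtml", ".xhtml"})
REQUEST_PHRASES = ("download",)
LOGO_CONFIDENCE_ALERT = frozenset({"medium", "high"})


class _HtmlScan(HTMLParser):
    """Collects anchor hrefs and visible text, skipping <script>/<style> bodies."""

    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.text = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value.strip())

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def untrusted_exe_links(hrefs, trusted=TRUSTED_DOMAINS):
    """Return http(s) links whose path ends in .exe and whose host is not trusted."""
    hits = []
    for href in hrefs:
        p = urlparse(href)
        if p.scheme.lower() not in ("http", "https") or not p.hostname:
            continue  # mailto:, javascript:, relative links etc. are out of scope here
        if p.path.lower().endswith(".exe") and not host_is_trusted(p.hostname, trusted):
            hits.append(href)
    return hits


def evaluate_attachment(filename, html, logo_confidence, inbound=True, trusted=TRUSTED_DOMAINS):
    """Apply the rule's conditions in order; returns {'alert': bool, 'exe_links': [...]}.

    logo_confidence stands in for the computer-vision verdict ('low'/'medium'/'high').
    """
    result = {"alert": False, "exe_links": []}
    if not inbound:
        return result
    if os.path.splitext(filename)[1].lower() not in HTML_EXTENSIONS:
        return result
    if logo_confidence.lower() not in LOGO_CONFIDENCE_ALERT:
        return result
    scan = _HtmlScan()
    scan.feed(html)
    scan.close()
    text = " ".join(scan.text).lower()
    if not any(phrase in text for phrase in REQUEST_PHRASES):
        return result
    links = untrusted_exe_links(scan.hrefs, trusted)
    result["exe_links"] = links
    result["alert"] = bool(links)
    return result


# Constructed sample attachment mimicking the lure shape the rule describes.
FAKE_INSTALLER_HTML = """<html><body>
<img src="slack-logo.png" alt="Slack">
<h1>Slack needs an update</h1>
<p>Please <a href="https://slack-update.example.net/files/SlackSetup.exe">download</a> the installer.</p>
</body></html>"""

if __name__ == "__main__":
    print(evaluate_attachment("SlackSetup.html", FAKE_INSTALLER_HTML, "high"))
```

The conditions are evaluated cheapest-first so the HTML is only parsed when the extension and logo verdict already match; the returned link list is what an analyst would want surfaced in the alert for triage and blocking.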
Categories
  • Endpoint
  • Web
  • Cloud
  • Other
Data Sources
  • File
  • Web Credential
  • Process
  • Network Traffic
Created: 2023-10-17