The CloudSOC Slack Securlet is showing externally exposed files that are shared in an internal only channel.
A 3rd party app, Polly, was included in the channel for the ability to included polls. This Polly user is an invisible bot user on the channel.
Broadcom treats all bot users as external to protect from any potential risks.
With direct written permission the customer requested this particular bot user be converted, in the backend, to be an internal user.