I've used one-time-link services sometimes, and posting the link to Slack causes Slack to make an HTTP fetch looking for metadata, which then invalidates the link.
Then, any automated system which sees the link cannot accidentally cause the file to be "downloaded" which would cause the link to be invalidated. They can see the link itself, but they don't have the password, therefore they can't download the content to scan it.
I have used onetimesecret.com a number of times in this way.
It's a very common and easy to anticipate issue, I'm surprised that there are any one-time-link services left that suffer from it.