The third-party does threat intelligence... I don't see how it's unreasonable to think that Facebook has hired them to perform malware/scam detection on links sent through chat. Given Facebook's policy, someone has to do it.
They could be intercepting the traffic anywhere between the author's network and Facebook though, not necessarily with any complicity on the part Facebook.