cline-kanban

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary JSON payloads via the hooks CLI (references/hooks-integration.md: payloads from stdin, positional arguments, or --metadata-base64, and the Gemini hook that reads stdin) and calls out provider/auto-update network fetches (references/network-and-telemetry.md). Those inputs are mapped to runtime events (to_review/to_in_progress/activity) that directly drive task state changes, auto-review commits, and agent actions, so untrusted third-party content can materially influence behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 04:34 PM
Issues
1