tb-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The scripts (scripts/tb-api.mjs) call the public TeamBition Open API (https://open.teambition.com) to fetch projects, templates, tasks, members and tags (user-generated/untrusted content) and then directly use returned names/contents/IDs to pick templates and build/create/update/link task payloads, so remote content is read and can materially influence API actions.