todoist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill connects to the Todoist service via the Membrane CLI (see SKILL.md instructions to "membrane connect" and actions like "list-comments" / "list-tasks" and "get-comment"), which fetches user-generated/untrusted task and comment content that the agent is expected to read and that could materially influence subsequent actions.