mural

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime LLM context can be fed outsider-authored free text via Mural API responses that include widget/sticky-note text (e.g., GET /murals/{mural_id}/widgets/... and related area-chain/sibling fetches), which the CLI returns as JSON to the caller process (B4 “Mural-authored text … must be treated as untrusted input”).