perses-grafana-migrate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Phase 1 Export) explicitly fetches Grafana dashboard JSON from Grafana API endpoints (e.g., curl https://grafana.example.com/api/dashboards/uid/ | jq '.dashboard') and feeds that untrusted, user-generated JSON into the conversion and deployment pipeline (percli migrate/apply), so third-party dashboard content is ingested and can materially influence tool behavior.