vikunja-vja

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill routinely runs vja commands that read task data from a Vikunja instance (e.g., "vja ls --filter ... --json" and "vja show <task_id> --json" in the SKILL.md Workflows), and those user-generated/untrusted task JSON results are then used (for example via jq + xargs in "Bulk-defer overdue tasks") to drive further vja actions, so third-party content can influence tool use and next actions.