groove-utilities-task-list

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) explicitly fetches task data from third-party services — e.g., running gh issue list --assignee @me --state open for the github backend and the scripts/list-tasks-by-priority.sh which calls the beans CLI — so it ingests user-generated issues/tasks from external, untrusted sources and displays/uses that content as part of its runtime behavior.