trello

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and processes user-generated Trello data via the Trello API (e.g., scripts/trello-cards.sh list-json and SKILL.md "Workflow: Smart Sorting" step 1), and those card names/comments (untrusted third-party content) are explicitly analyzed to decide and execute reorder/move actions—creating a clear path for indirect prompt-injection through board/card text.