task-estimator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to inject live task content via TaskMarket commands (e.g., "Task snapshot: !taskmarket task get $0" and board snapshot: !taskmarket task list --status open), which fetches user-posted TaskMarket task descriptions that the agent must read and use to drive estimations, creating a clear avenue for untrusted third‑party content to influence actions.