ticktick-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The CLI actively calls the public Dida365 Open API (https://api.dida365.com/open/v1) — see scripts/ticktick_api_client.py and scripts/ticktick_cli.py — to fetch user-created projects/tasks (user-generated, third-party content) which the agent parses and renders, so it consumes untrusted third-party content as part of its workflow.