trello

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches Trello user-generated content via the Trello REST API (e.g., the SKILL.md curl examples calling /1/boards/{boardId}/cards and /1/lists/{listId}/cards which return card names/descriptions/comments), so untrusted third-party text could be read and influence subsequent actions like creating, moving, or commenting on cards.