backlog-connector

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly fetches user-generated Backlog issue content from a third-party Backlog instance (see src/index.ts, which uses axios.get against backlogSys.space_url/api/v2/issues, and the curl-based fetchBacklogIssues in src/lib.ts). Untrusted issue text returned by those endpoints could therefore be read by the agent and influence its subsequent decisions or actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 10:38 PM