task-kanban

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly calls gh task pull <owner> <num> to fetch a GitHub Project's columns into TASKS.md (SKILL.md "ワークフロー" step 1 and CLI reference), which ingests user-generated, public GitHub content that the agent reads and uses to determine board columns/statuses and subsequent actions, creating a clear vector for indirect prompt injection.