todoist-due-drafts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated/untrusted content—Todoist tasks (todoist-cli), meeting transcripts via Granola/Grain (mcporter calls such as mcporter call grain.fetch_meeting_transcript), and email history via gog/Gmail searches—and directly uses that content to draft emails, so third-party content can materially influence the agent's actions.