pm-cli-usage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly fetches tasks from third-party providers (Asana and Notion) — e.g., "pm tasks show" and "pm branch" — and notes task titles/descriptions are user-generated (may contain HTML/markdown) which are read and used (e.g., for branch-name creation), so untrusted content can influence agent actions.