tasks-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to have the user provide or duplicate a Notion board URL (e.g., https://notion.notion.site/code-with-notion-board) and then uses Notion MCP tools to inspect the board structure, meaning the agent will fetch and interpret untrusted, user-generated Notion page content as part of its workflow which can influence its decisions.