asana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated Asana content via Membrane (e.g., actions like "list-task-comments", "list-tasks", "get-task" and the "membrane request" proxy), meaning the agent will read/interprete task descriptions and comments from third-party users that could contain instructions influencing subsequent actions.