backlog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs the agent to fetch and interact with Backlog data (e.g., actions like list-comments, get-issue, list-issues and proxy requests to the Backlog API via Membrane) which are untrusted, user-generated third-party contents that the agent is expected to read and could materially influence its actions (see the "Popular actions" and "Proxy requests" sections in SKILL.md).