trello

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to connect to Trello and use Membrane actions and proxy requests (e.g., "membrane action run" and "membrane request") to fetch and operate on Trello boards, cards, comments and attachments—user-generated, public/third-party content that the agent is expected to read and act upon, enabling indirect prompt injection.