todoist-due-drafts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and interprets user-generated third-party content—Todoist tasks plus meeting transcripts via Granola/Grain and Gmail thread history—and uses that content to draft emails and decide actions, so those external meeting/email contents could indirectly inject instructions into the agent's workflow.