backlog-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and displays user-generated content from a Backlog space via the Backlog API (e.g., issue descriptions and comments via "backlog issue view --comments", wiki pages via "backlog wiki view", notifications via "backlog notification list", and arbitrary endpoints via "backlog api"), so the agent would read untrusted third-party user content that could contain indirect prompt-injection.