devpilot-trello

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call the Trello API (e.g., GET /boards/{id}?lists=open&cards=open and GET /cards/{id}?...&actions=commentCard) to fetch user-generated board/list/card/comment content and to use that content for name resolution and to decide/create/move cards, so untrusted third-party text could influence actions.