todoist-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly shows runtime ingestion of user-generated Todoist content — e.g., api.get_tasks()/api.get_comments() in the weekly_review/daily_report examples and the /webhook/todoist handler that parses event_data — and that content is used to make decisions and drive actions (creating/updating tasks, syncing to calendar), so untrusted third-party task/comment content could indirectly inject instructions.