bmad

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly submits phase documents to the third‑party plannotator service (see SKILL.md, SETUP.md and scripts/phase-gate-review.sh) and the agent is expected to read/act on plannotator annotations/approvals (user-generated content) which directly gate phase transitions and trigger follow-up actions, creating a clear path for indirect prompt injection.