bmad

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill submits phase documents to the third-party plannotator service (see scripts/phase-gate-review.sh and the SKILL.md/SETUP.md plannotator phase-gate descriptions), and the agent relies on plannotator user-generated annotations/approve/request-changes results to decide whether to advance phases, so untrusted third-party content can materially influence agent actions.