beads
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to run bd commands such as "bd ready" and "bd show " to load issue notes and design fields from the git-backed .beads repository (see SKILL.md Session Protocol and RESUMABILITY.md), and to evaluate external conditions via GitHub gates (ASYNC_GATES.md checks the GitHub API). As a result, the agent will ingest and act on user-generated and third-party content from repositories and CI/PR APIs, which could contain malicious or misleading instructions.
Audit Metadata