beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests and acts on external, user-generated third‑party content—e.g., resources/ASYNC_GATES.md and resources/CLI_REFERENCE.md describe gate types like gh:run and gh:pr and state that bd gate eval checks the GitHub API (and mail/CI statuses) to auto-close/unblock gates—so the agent will fetch and interpret public CI/PR/email data that can materially change its actions.