jdi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly invokes /task-management next and /task-management context (steps 3–4) to ingest task titles/descriptions — which may come from backends like Beads, GitHub Issues, or other user-generated task systems — and then builds agent prompts from that task context (step 8) and uses the results to drive routing and tool actions (step 11), meaning arbitrary third-party/user content can influence decisions and actions.