beads-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to use the GitHub MCP to check PRs, CI/review status, and create/link GitHub issues (e.g., "Check GitHub: Use GitHub MCP to verify no blocking PRs" and "Check if related PR is merged (use GitHub MCP)"), meaning it ingests user-generated third‑party GitHub content that can directly influence agent actions like closing or updating issues.