bdi-mental-states

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests "external RDF context" (SKILL.md T2B2T pipeline) and the code (references/framework-integration.md and BDILogicAugmentedGenerator / BDIMentalStateStore) shows parsing RDF from external sources and SPARQL endpoints (e.g., real-time traffic data, push notifications, triple-store endpoints), which the agent turns into beliefs/desires/intentions and can trigger actions (e.g., payments), so untrusted third-party triples can materially influence behavior.