beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external, user-generated tracker content via sync/integrations (e.g., "bd github sync", "bd gitlab sync", "bd jira import" in references/sync.md and SKILL.md) and instructs agents to read that data (e.g., "BD_AGENT_MODE=1 bd ready --json" in SKILL.md/workflow), so arbitrary third-party issue text could materially influence agent decisions and tool use.