beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to run bd sync (references/sync.md) and to use BD_AGENT_MODE=1 bd ready --json (references/workflow.md), which pull and surface issues from external remotes and integrations (GitLab/Linear/Jira/Dolt remotes) that are user-generated/untrusted and can directly influence agent decisions and subsequent tool actions.