bmad

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill integrates the third‑party plannotator service as a required phase‑gate (see SKILL.md/SETUP.md) and the runtime script scripts/phase-gate-review.sh submits local docs to plannotator (and install.sh fetches plannotator from plannotator.ai), meaning the agent relies on user-generated/third‑party annotations/approvals from that external UI which can influence phase transitions and agent actions.