signoff-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill uses GitHub CLI commands to list, clone, and read repositories (e.g., "gh repo list", cloning "HALO/my-project", and reading _bmad-output/governance/governance.yaml and initiative files), which means it will fetch and interpret arbitrary public/user-provided repo content from GitHub and thus is exposed to untrusted third-party input.