beads-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly integrates with GitHub ("GitHub MCP") and instructs the agent to check and interpret PRs, issues, and PR descriptions/status—public, user-generated content from third-party repositories—so the agent would ingest untrusted external content.