bw-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly points agents to fetch the public Markdown docs ("Markdown version (for agents): https://bitwarden.com/help/cli.md") and documents commands that ingest untrusted user-provided content/URLs (e.g., bw receive , bw sync/config server to arbitrary endpoints), so the agent may read and interpret third-party/user-generated content as part of its workflow.