beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to use async gates that evaluate third‑party services (e.g., "gh:run:" and "gh:pr:") and to run commands like bd gate eval which "Checks GitHub API, closes on success/failure" (resources/ASYNC_GATES.md and CLI_REFERENCE.md), meaning the agent will fetch and interpret user-generated GitHub/CI data and take actions (auto-close/unblock) based on that untrusted external content.