beads-issue-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's auto-sync workflow explicitly imports JSONL after a "git pull" ("Import from JSONL when newer than DB (after git pull)") and references a public GitHub repo, so it can fetch and ingest untrusted, user-generated content from remote repositories which the agent then reads and uses to decide/assign work, enabling indirect prompt injection.