beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The beads-worker workflow (agents/beads-worker.md) explicitly reads task JSON and comments via bd show <task_id> --json and bd ready --json, extracts skill: labels and descriptions, and then activates suggested/runtime-discovered skills (references/skill-catalog.md) and executes work based on those user-provided task descriptions—meaning untrusted, user-generated content from the repository can directly influence tool selection and actions.