bmad-readiness-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s runtime LLM context is fed by reading planning artifacts from the user’s workspace (e.g., bmad-output/prd*.md, architecture*.md, optional epics*.md, and stories/*.story.md) via the pre-flight script’s discovered file paths; these documents are outsider-authored unless the operating user authored them, so the workflow can ingest arbitrary free text from those files into the agent’s context.