bmad-help

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Data Sources and Module docs sections explicitly instruct fetching and using module documentation referenced by URLs or remote "meta" rows in the catalog (e.g., "rows with _meta ... carry a URL or path in output-location" and "Fetch and use these" / "retrieve all meta rows remote sources"), meaning it will ingest external third‑party pages that can influence its recommendations.