bd-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly reads live, user-generated account data via the bd CLI / bitdrift API (see SKILL.md "Trust boundary" and many commands such as bd workflow charts, bd timeline logs, bd issue list) and instructs the agent to analyze that content as part of its workflow, so untrusted third-party text from sessions/issues could indirectly influence decisions.