bmad-workflow-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Convert flow explicitly accepts a URL and Step 1 of references/convert-process.md requires fetching the raw content for that URL ("If a URL was provided, fetch the raw content"), so the agent will read and interpret arbitrary public web content as part of its conversion workflow, allowing third-party instructions to influence subsequent tool use and decisions.