bdi-mental-states

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary external RDF/context and SPARQL endpoints (see SKILL.md T2B2T "Triples-to-Beliefs" and references/framework-integration.md BDILogicAugmentedGenerator and BDIMentalStateStore which parse external Turtle and open SPARQL endpoints), and those untrusted third‑party triples are used to form beliefs, desires, intentions and drive actions (e.g., payment example), so external content can materially change agent behavior.