beads

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). SKILL.md and references/sync.md (Daily Workflow / Sync & Integration) explicitly instruct agents to run bd sync and provider-specific commands like bd github sync, bd gitlab sync and bd jira import which fetch and ingest updates from third‑party issue trackers (GitHub/GitLab/Jira/etc.), i.e., untrusted user-generated content that can materially change the agent's next actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 06:37 AM
Issues
1
Security Audit — snyk — beads