bonsai-impl-bcf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads and parses external BCF files and external links (e.g., bpy.ops.bim.load_bcf_project(filepath="/path/to/…"), BcfStore.get_bcfxml() calling bcf.bcfxml.load(props.bcf_file), and AddBcfReferenceLink/OpenBcfReferenceLink for URLs), treating their user-generated topic/comment/viewpoint data as input that is then used to drive actions (activate viewpoints, select/apply components), so untrusted third-party content can influence behavior.