beads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and workflow explicitly instruct the agent to evaluate and act on external, user-generated sources—e.g., resources/ASYNC_GATES.md shows bd gate types like gh:run and gh:pr that "check GitHub API" and auto-close based on CI/PR status, and resources/CLI_REFERENCE.md documents --external-ref accepting full URLs (https://github.com/...) and sync/gate commands that pull remote state—so the agent will fetch and interpret untrusted third‑party content that can change subsequent actions.