bit-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and act on CLI_REFERENCE.md as part of its workflow (SKILL.md: "READ the file CLI_REFERENCE.md ... using the Read tool"), and the README shows those files are fetched from a public third‑party URL (raw.githubusercontent.com), so public web content can directly influence command selection and actions.