spec-driven

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's design and research workflow explicitly instructs the agent to perform web/documentation lookups (see references/research.md "Use available documentation lookup and web search tools" and design.md Step 5 requiring research for new technologies), which means it fetches and ingests open/public third‑party content (including community sources) as part of required workflow and thus could enable indirect prompt injection despite guidance to treat such content as untrusted.