entropy-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow calls the GitHub API (e.g., gh api repos/$FULL_REPO/pulls/{PR_NUMBER}/files, gh issue list, and gh api repos/fellowship-dev/spec-kit/contents/...) to read PR file lists, open issues, and remote repo contents (user-generated GitHub data) and uses those results to compute grades and trigger actions like creating issues, so it consumes untrusted third‑party content that can materially influence decisions.