cmd-speckit-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones the public GitHub repository https://github.com/github/spec-kit.git (step "Clone upstream") and copies/personalizes files (e.g., .specify/memory/constitution.md) including executable scripts into the project, which means untrusted third-party content is ingested and can influence subsequent actions or tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill performs a runtime git clone of https://github.com/github/spec-kit.git to populate .specify/, including .specify/memory/constitution.md which is intended to be the agent "constitution" (directly controlling agent prompts/instructions) and also pulls executable shell scripts into the project, so the fetched content can directly control agent behavior and provide remote code.