sdd-implement-spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill ingests outsider-authored free text via runtime-loaded spec files from specs/<date>-<slug>/ (e.g., requirements.md, plan.md, validation.md), which are not authored by the operating user and are read into the agent’s LLM context during Phase 2 parsing.