create-specs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and installs scripts from a public GitHub raw URL (see "CRITICAL FIRST STEP" curl commands fetching https://raw.githubusercontent.com/github/spec-kit/main/scripts), which are untrusted third‑party resources that the agent is instructed to fetch and use and could therefore inject instructions that materially affect subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime explicitly downloads and makes executable multiple scripts from https://raw.githubusercontent.com/github/spec-kit/main/scripts (e.g., check-prerequisites.sh, update-agent-context.sh), which are required for operation and can execute remote code and modify agent context, so this is a high-confidence runtime external dependency.