gspdev-runtime-compat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 ("Fetch live documentation") in SKILL.md explicitly directs the agent to fetch and extract specs from public documentation URLs (e.g., https://code.claude.com, https://opencode.ai, https://geminicli.com, https://developers.openai.com) and use that parsed frontmatter to drive mapping and installer changes, so untrusted third‑party page content can materially influence tool behavior and actions.