implement-feature

Warn

Audited by Snyk on May 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill reads outsider-authored free text from specs/{feature}/README.md and specs/{feature}/requirements.md (and tasks/task-{nn}-*.md) at runtime, then injects that prose into coder/review/fix agent prompts via the {requirements} and {task_content} placeholders—so any content authored by someone other than the operating user can become LLM context (indirect prompt injection risk).

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 28, 2026, 05:50 PM
Issues: 1