spec-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow's Step 1.3 explicitly mandates using "Real-world GitHub examples | grep-mcp" as part of required exploration, which directs the agent to fetch and read public GitHub (user-generated, untrusted) content that can influence design decisions and subsequent actions.