spezi-platform-selection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's clone helper (scripts/clone-template.sh) explicitly clones public GitHub repositories (e.g., https://github.com/CS342/ReactNativeTemplateApplication and https://github.com/StanfordSpezi/SpeziTemplateApplication) and the workflow then requires the agent to "inspect the cloned repository's local instructions" and its skills/, meaning the agent will read and act on untrusted third‑party content from those public repos.