specstory-link-trail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses local SpecStory history files (".specstory/history" per SKILL.md) using parse_webfetch.py and extract_urls_context.py to ingest WebFetch tool results and extracted URLs (including content from public sites like stackoverflow.com, docs.python.org, github.com shown in the docs), so untrusted third‑party page content is read and summarized as part of its workflow and could influence follow-up actions.