spec-driven

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required research and planning workflows explicitly instruct the agent to fetch and use web/searched documentation as untrusted input (see references/research.md "Use available documentation lookup and web search tools", plan.md Step 3 "Research Phase", and the SKILL.md Knowledge Verification Chain Step 4: "Web search"), and those external findings are synthesized into .artifacts/research/ and used to inform architecture decisions—so public third‑party content is ingested and can materially influence actions.