spec-driven

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and synthesize web documentation and community sources (see references/research.md "Use available documentation lookup and web search tools" and its Content Trust Boundary, plan.md Step 3 "Research Phase", and SKILL.md Knowledge Verification Chain Step 4 "Web search"), meaning untrusted, user-generated third‑party content (e.g., Stack Overflow, blogs) is read and can materially influence planning and decisions.