speckit-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs fetching and cloning the public GitHub spec-kit (https://github.com/github/spec-kit) and reading its templates/scripts/tags to generate diffs and apply changes, so the agent would ingest and act on untrusted, user-editable third-party repository content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching the upstream repository via git clone (https://github.com/github/spec-kit), then importing its templates/commands (which can directly control agent prompts) and scripts (which could be executed), making that remote repo a runtime dependency that can control prompts or run code.