spec-workflow-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly runs GitHub CLI commands (e.g., "gh issue view {issue_number}" and "gh run list/gh run view") and instructs the agent to "Read the issue carefully" and use that issue/spec content to drive workflow generation and PR text, meaning it ingests user-generated GitHub issue/run content (untrusted third-party content) that can materially influence actions.