feature-spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly directs the agent to read external public specifications (e.g., https://modelcontextprotocol.io/specification/2025-11-25 and the GitHub MCP Apps spec URL) and local/remote repo sources as required project context, so it will fetch and interpret third-party web content that can influence design and actions.