spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests external, user-generated content (e.g., GitHub/Notion/Linear via Step 0.8 in workflows/new.md and the spec-planner agent which has WebFetch/WebSearch), and that EXTERNAL_CONTEXT is loaded and used by the planner to create actionable plans, so untrusted third‑party content can influence decisions and subsequent tool actions.