spec
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public, user-generated content: SKILL.md and steps/step-01-discover.md allow -f with a URL or GitHub issue and call gh issue view, and they launch "general-purpose" subagents for web research, so untrusted/public web content (GitHub issues, arbitrary URLs, search results) is read and used to drive spec decisions and downstream actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata