setup-speckit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs cloning public GitHub repositories (e.g., "git clone --depth 1 https://github.com/fellowship-dev/spec-kit.git" under "Installation Steps: 1. Clone Spec-Kit to a temp directory") and copying their templates and .claude/commands into the repo, so untrusted, user-generated third‑party content from the open web will be ingested and then used as slash-command instructions that can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation clones https://github.com/fellowship-dev/spec-kit.git at runtime and copies templates and .claude/commands files (slash-command prompts) into the repo, so remotely fetched content directly supplies and controls agent prompts and is a required dependency.