speckit-proc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill clearly ingests untrusted user content: stages/01-preflight/CONTEXT.md instructs fetching issue title/body/labels/comments and identifying referenced URLs via gh issue view, and stages/02-specify/CONTEXT.md instructs the worker to "read the issue references, fetch any URLs," meaning arbitrary public issue text and linked web pages are read and used to drive worker actions.