workflow-project-intake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill can accept a user-provided repo_root (local path or repo link) and explicitly checks/reads files in the repository (e.g., openspec/project.md, context.json, proposal.md), meaning it may ingest arbitrary third‑party/public repo content that could contain untrusted user-generated instructions.