spec-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Step 4 of the workflow explicitly directs installing a third‑party GitHub package via "npx skills install HHU3637kr/skills", which would fetch untrusted, user‑provided code into .claude/skills that the agent loads and uses—allowing external content to influence its decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the user to run "npx skills install HHU3637kr/skills", which at runtime fetches and executes remote code from the HHU3637kr/skills repository (installing Skill modules that can control agent prompts), so it is a runtime external dependency that can execute remote code and influence prompts.