project-initializer

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's mandatory Phase 3 calls scripts (python <skill_dir>/scripts/initialize_sdd.py) that install and invoke external SDD CLIs via npm/npx/uv/git (e.g., openspec, specify, get-shit-done) which fetch remote templates/packages and produce SDD documents that the skill then reads and enforces (Phase 4 checks), so untrusted third-party content from public package registries/repositories can be ingested and materially influence agent checks and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's Phase 3 explicitly requires running an initializer that installs SDD CLIs at runtime (e.g., SpecKit via "uv tool install specify-cli --from git+https://github.com/github/spec-kit.git"), which fetches and executes remote code that the skill depends on to provision SDD behavior and thus can directly influence prompts/execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 06:36 AM
Issues: 2