spec-driven-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples (e.g., examples.md "Customer language captured verbatim from forums, reviews, and social media", the Phase details that require extracting pricing from competitor websites with fallbacks to G2/Capterra, and templates/spec.md phases that instruct reading and using sourced web content) explicitly direct the agent to fetch and interpret untrusted, user-generated public web content and to act on those findings (e.g., craft approach angles and recommendations), which creates exposure to indirect prompt injection.