spec-driven-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly requires checking existing third-party, user-generated issues (providers/github.md: gh issue list --search "关键词" and providers/linear.md: search "<关键词>") and using those results to decide whether to create or modify issues, so it fetches and interprets untrusted public content that can influence agent actions.