spec-driven-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Plan workflow explicitly instructs the agent to "Research technical approaches ... use available tools (web search, documentation) to inform decisions" (references/spec-plan.md, Mode: Create), which requires fetching and interpreting open/public web content that can influence design and implementation decisions and thus enables indirect prompt injection.