qe-sparc-methodology

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly defines a "researcher" mode that performs "parallel WebSearch/WebFetch" (Analysis and Research Modes) and shows workflows that feed researcher outputs into subsequent orchestration steps (e.g., sequential pipelines and TDD flows), so untrusted public web content can be fetched, interpreted, and materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime use of NPX/claude-flow which will fetch and execute remote package code (e.g., https://www.npmjs.com/package/claude-flow and the referenced repo https://github.com/ruvnet/claude-flow), so the external package is a required runtime dependency that can execute code and control the agent's modes/instructions.