spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub epic/issue content ("Invocation: /spec https://github.com/..."; "Fetch epic, extract child tickets" and "Read ALL tickets upfront" sections) — untrusted, user-generated issue bodies are read and interpreted and can directly influence dependency graph, autonomous decisions, contract generation, and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches GitHub epic/issue content at runtime (e.g., https://github.com/org/repo/issues/123) and injects ticket bodies/upstream contracts into teammate prompts, so remote issue content directly controls agent instructions.