spec-kit-parallel-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's installer (scripts/install.sh and install_skill_dir) explicitly downloads patches and a skill bundle from public GitHub raw/codeload URLs and then installs or appends prompt/templates into .codex/.claude files that the agent will use, exposing the agent to untrusted public content that it will read and execute as part of its workflow.