speckit-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches target versions from the public GitHub Releases API and downloads templates from GitHub during fresh installs (see "Process" step 3 and "Fresh Installation" / "downloads templates from GitHub"), and the agent parses and acts on those fetched file contents/summary (presenting change summaries, deciding to apply updates, and re-invoking the update) so untrusted third‑party content can materially influence its actions.