specstory-link-trail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill parses SpecStory history files produced by WebFetch (parse_webfetch.py reads .specstory/history files and passes fetched result content into extract_urls_context.py and generate_report.py), which ingests and summarizes arbitrary public URLs and their page content (e.g., docs.github.com, stackoverflow.com) — i.e., untrusted, user-generated third‑party web content that the agent reads and interprets as part of its workflow.