spec

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill supports importing and syncing external specs via URLs (e.g., "/spec --import https://github.com/leafspec/spec" and raw URLs), which causes the agent to fetch and read arbitrary public GitHub/raw web content (user-generated/untrusted) and then interpret it to generate README, tasks, and sync behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The /spec --import flow fetches external spec content at runtime (example URL: https://github.com/leafspec/spec) and uses the imported files to generate TASKs and act as the spec "source of truth," meaning remote content can directly influence agent prompts/behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:22 AM