speckit-initial

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs running "specify init" which "pull[s] .specify/ (memory, scripts, templates, specs)" and references the public GitHub spec-kit (https://github.com/github/spec-kit), meaning the agent will ingest public repository content (untrusted third‑party) that registers slash commands and can materially change agent behavior.