spec-driven-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly requires running specify init which installs spec-kit prompts/agents from the public GitHub repo (https://github.com/github/spec-kit) into the project and states that these dynamic, runtime prompts (in .github/agents or .claude) become available and drive the /speckit.* commands, meaning untrusted third-party content can be fetched and directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing and initializing the GitHub spec-kit from git+https://github.com/github/spec-kit.git (https://github.com/github/spec-kit), which at install/runtime fetches remote code that installs prompts/agents (e.g., into .github/agents/) that directly provide and control the /speckit.* commands used at runtime, making it a required external dependency that can control agent prompts/execute code.