matthew-a-carr/draft-spec
Draft a SPEC from a GitHub issue and open a PR for review. Use when triggered by a routine on `Issue opened` with label `ai:plan`, or when a user asks to "draft a spec from issue #NNN". Non-interactive — proceeds on best interpretation and surfaces any unresolved questions in the SPEC's §Open Questions section rather than blocking for clarification. The PR review loop is where ambiguity gets resolved.
78
90%
Does it follow best practices?
Impact
100%
3.03xAverage score across 1 eval scenario
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.85). In routine mode, the skill reads the GitHub issue title/body (outsider-authored issue text) via `mcp__github__issue_read` and then uses that body as the source of truth to fill the SPEC sections and PR body, so free-form outsider text is ingested into the LLM context.
- Audited
- Security analysis