oh-my-ai/discovery-interview
Interactive discovery interview → structured product spec. Triggers: spec, PRD, requirements, scoping, brainstorming, new project. Uses AskUserQuestion; WebSearch/WebFetch when user wants research. Outputs user stories, acceptance criteria, constraints.
99
100%
Does it follow best practices?
Impact
96%
2.28xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly requires running research loops using WebSearch/WebFetch (see SKILL.md: "WebSearch/WebFetch when the user wants research" and the mandated "At least one research loop" with example WebSearch + WebFetch), which fetches and interprets open/public web content that can directly influence decisions and the generated spec.
- Audited
- Security analysis