spec-to-backlog

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches Confluence pages at runtime (e.g., https://yoursite.atlassian.net/wiki/spaces/SPECS/pages/123456 and the pattern https://[site].atlassian.net/wiki/spaces/[SPACE]/pages/[PAGE_ID]/[title]) via getConfluencePage and uses that fetched page content to drive prompt generation and create Jira tickets, so the external URL directly controls agent instructions.