retrospective-artifacts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requests and fetches user-provided GitHub/Jira/Mattermost links as part of its required CREATE workflow (see SKILL.md "Step 3: External context acquisition" and references/external-context-acquisition.md) and includes concrete fallback scripts (scripts/fetch_github_context.py, scripts/fetch_jira_context.py, scripts/fetch_mattermost_thread.py) that ingest untrusted, user-generated third‑party content which the agent must read and which can materially influence artifact generation and downstream decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs fallback scripts at runtime that fetch and inject external issue/PR/thread content into the agent's context (e.g., scripts/fetch_github_context.py calling https://api.github.com and user-supplied GitHub PR/issue URLs like https://github.com///(pull|issues)/), so externally-hosted content is retrieved during execution and can directly influence prompts.