retro

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git network commands at runtime (e.g., "git fetch origin main" and subsequent "git log origin/main"), which fetches commit history from the configured remote "origin" (origin/main) and injects that external repository content into the agent's analysis—so the remote repo (origin) can directly control prompts/agent output.