retro

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The skill injects numerous side-effecting instructions outside a retrospective (auto-changing repo files like CLAUDE.md and committing them, toggling telemetry/proactive settings, running upgrade/migration flows, removing vendored code, and other config changes) which are not part of "weekly engineering retrospective" behavior and therefore constitute hidden/deceptive instructions outside the skill's stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses remote repository data and user-generated text (e.g., git fetch origin <default>, git log origin/<default> ... / gh pr view / global discovery git -C <path> fetch origin and gbrain/artifacts sync), and then reads/infers from commit messages, PR titles, and remote artifacts to drive its analysis and actions — so untrusted third‑party content can directly influence decisions and tool use.