incident-retrospective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required workflow uses Slack MCP and Linear MCP at runtime to “list recent messages/issues” and then constructs a prompt containing that incident-channel and ticket text, so outsider-authored free-form content from Slack/Linear is ingested into the agent’s LLM context via the MCP-fetched message/issue bodies.