team-coordinator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs delegating web scraping/data-collection to the "小data" employee (员工能力矩阵 lists "网页抓取、数据清洗、爬虫" and the task flow shows "小data: 采集数据"), so the agent will ingest and act on untrusted public web content that could carry indirect prompt injection.