second-opinion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scripts/consult.sh workflow unconditionally injects a web_search tool into the model request (build_request_json) and includes the developer instruction "Peer SWE consultant; use web search when helpful," meaning the peer LLM can fetch and read open web pages via the API call (API endpoint in the script), exposing it to untrusted third-party content that can influence its recommendations.