openai-symphony-autonomous-agents
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The Linear integration (Symphony.Linear.Client.fetch_todo_tasks calling https://api.linear.app/graphql) fetches issue titles and descriptions, which are user-generated, untrusted content. These are passed into Symphony.AgentRunner.run and fed to Codex agents to implement tasks and open PRs, so third-party task content can directly influence agent behavior and tool use.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).