multi-agent-composition

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and scrape public URLs and external documentation as part of its workflows (e.g., "AI Docs Loader" in examples/case-studies.md: "For each URL ... spawn sub-agent ... Sub-agent scrapes URL" and the meta-agent flow that "Fetch[es] Claude Code sub-agent documentation / 11Labs API docs"), meaning untrusted third-party web content is read and used to drive planning and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The AFK agent example shows a runtime job that fetches external docs via the provided URL (https://openai-agent-sdk.com/docs) which a meta-agent uses to read documentation and generate system prompts/configuration, meaning that remote content can directly control agent prompts and behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 04:46 PM