researching-codebases

This manifest configures a capable web-research subagent that, while designed for legitimate information retrieval and synthesis, grants broad privileges that create straightforward and significant data-exfiltration paths (local file enumeration/reads combined with unrestricted outbound network access and third-party model calls). No explicit malicious code is present in the fragment; the primary risk is abuse or accidental leakage due to overly permissive defaults. Before deploying in sensitive environments, enforce least-privilege access, network allowlists, prompt/data sanitization, and auditing.