content-os

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The orchestrator explicitly ingests external content — e.g., it runs PubMed searches via pubmed_client.search_and_fetch, optionally performs "social-media-trends-research", and accepts/backward-mode parses user-pasted long-form content — all of which are open/public or user-provided sources that the agent is expected to read and incorporate into its workflow, enabling indirect prompt injection.