agent-skill-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The orchestrator explicitly identifies and plans for "web" and external integrations (see Step 1 "Required capabilities — web access" and the "Web Research + Documentation" example in SKILL.md) and its execution flow calls out invoking MCP/agent tools (invokeMCPTool/invokeAgent) to perform tasks, which implies the agent will fetch and interpret public web/third‑party content (e.g., competitor websites, Notion pages) that can influence subsequent tool selection and actions.