orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Plan Workflow (section 3.1 "Source Types") explicitly instructs the agent to fetch and ingest user-generated content from external sources—e.g., "gh issue view --json body,comments", "gh pr view --json body,comments", and "Jira API"—which the orchestrator must read and use to form plans and dispatch workers, allowing untrusted third-party text to influence behavior.