research-curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The orchestrator explicitly parses arbitrary https:// URLs in Default and Batch modes and spawns the @research-curator agent with prompts like "Research and create an entry for: {URL}" (see "Default Mode" workflow and "Batch Mode" URL Parsing in references/batch-mode.md), meaning the agent is expected to fetch and interpret untrusted public web content which can materially influence subsequent tool use and actions.