orchestrating-multi-agent-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Research Pipeline (SKILL.md Scenario 2) and the detailed example in references/examples.md define a "web-search" agent/tool that searches the open web and returns URLs/sources which are then parsed by downstream summarization and report-writing agents, meaning untrusted public web content would be ingested and could materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references a specialist agent "with access to Stripe tools" in Scenario 1. Stripe is a payment gateway (a specific tool/API for moving money), so the skill documentation includes a concrete, payment-oriented integration rather than just generic tooling. This constitutes direct financial execution capability.