langgraph-agent-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly invokes external web/search sources and ingests their results for downstream processing (e.g., references/supervisor-subagent.md: researcher_node uses TavilySearchResults.invoke to fetch search results; references/orchestrator-worker.md and rule-based decomposition list "web_search", "news_search", "academic_search" subtasks), so the agent reads and acts on untrusted public third‑party content and is therefore exposed to indirect prompt injection.