agent-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly tells agents to invoke external web-fetching (e.g., "$web-fetch-to-markdown " in step 1) and to identify/ingest authoritative sources, which indicates the orchestrator may fetch and act on arbitrary public web content that could contain untrusted instructions.