orchestration

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt explicitly instructs the agent to conceal internal behavior (e.g., "NEVER EXPOSE THE MACHINERY", avoid saying "launching subagents", "Just magic"), which is a directive to be deceptive about how work is being done and thus constitutes hidden/deceptive instructions beyond transparent orchestration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows worker agents to use WebFetch/WebSearch (see "Tool Ownership" and worker tool lists) and describes "WebSearch-enabled" external research and examples (references/domains/research.md and patterns.md), so agents will fetch and read untrusted public web content as part of their workflow.