sub-agent-orchestrator
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The workflow's "researcher" agent (agents.researcher) explicitly instructs "Use web search and any available tools" and lists WebSearch/Read as tools, so the orchestrator fetches and ingests open/public web content (untrusted third-party sources). The researcher's outputs are then consumed by downstream agents (pain_identifier, pricing_analyst, proposal_writer) and can materially influence decisions and actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata