workflow-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The Research workflow explicitly routes to an "oracle" (Librarian) that performs "Comprehensive research using MCP tools (nia, perplexity, repoprompt, firecrawl)", which indicates the agent will fetch and ingest open/public third‑party content (web/search/crawled sources) and thus read untrusted user-generated or public content as part of its workflow.