autoresearch-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator (scripts/launch.sh → generated orchestrator.sh) explicitly enables plateau-triggered web search—injecting "You MUST search the web before coding" into the agent prompt and passing codex flag web_search="live" or adding claude "--tools default"—so the agent will fetch and act on open/public web content (search results) which can materially influence commits and subsequent tool use.