dag-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly enables workers of type "research" to use WebFetch/WebSearch (SKILL.md "research — web access enabled" and references/worker-types.md) and the launcher/spawn logic injects codex flags (-c 'web_search="live"') and allows prompt.md to include external sources (SKILL.md and relaunch-worker.sh: "add the new sources / instructions"), so the agent-run workers will fetch and interpret arbitrary public web content that can affect downstream workers and actions.