iterative-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill allows workers to fetch/ingest live web content (lib/tools.sh returns -c 'web_search="live"' for research workers and leaves reviewer tools unrestricted) which is wired into worker commands via scripts/worker-spawn.sh and scripts/launch.sh, and the generated orchestrator (orchestrator.sh -> build_iter_prompt) injects reviewer-written review.md back into worker prompts—so untrusted public/web content or user-generated review text is read by agents and can materially change subsequent tool use and decisions.