agent-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly enables and expects fetching public web content: several persona frontmatters (e.g., personas/product-manager.md and personas/data-ai/ai-engineer.md) list WebSearch/WebFetch and MCP context7 tools, and the README/installation sections instruct cloning public GitHub repositories, which demonstrates the agent will ingest untrusted, user-generated public web content (docs/repos) that can materially influence its decisions and tool use.