delegate-multi-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly configures a "research" sub-agent to use web-fetch and brave-search to find and summarize public web sources (see SKILL.md Research Workflow and config/DELEGATE_AGENTS.json allowed_tools), so it ingests untrusted third‑party web content that can materially influence delegation and downstream actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill explicitly grants a "coding" sub-agent file_read/file_write/file_edit capabilities which can modify files on the host (potentially altering machine state), but it does not request sudo, creating users, or direct modification of system-level configs—so it poses a moderate but not maximal risk.