workflow-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — multiple workflow templates and agent configs (e.g., references/builder-only.yaml and references/build-verify-plan.yaml) explicitly grant agents a "webfetch" tool and the SKILL.md Integration section documents HTTP/OpenCode integrations, meaning agents will fetch and read arbitrary public web content that can be interpreted and used to drive subsequent agent actions.