context-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's research-agent and /research command explicitly invoke a CLI that retrieves online documentation and papers (e.g., research docs -t "{query}", providers like docfork/perplexity, and returned fields "url"/"content" in agents/research-agent.md and SKILL.md), so the agent ingests public third‑party content which could carry malicious or instructional text.