agent-orchestrator-parallel-coding
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public, user-generated content (e.g., starting from GitHub URLs and integrating with trackers/CI) — see "ao start https://github.com/your-org/your-repo" and the reactions examples ("ci-failed: action: send-to-agent" and "changes-requested: action: send-to-agent") which send CI logs and review comments to agents to drive fixes, so untrusted third-party content is read and can change agent actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).