agents-consilium

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows agents to "use web search / fetch if their backend supports it" (see "Agent Freedom and Read-Only Guardrails" in SKILL.md) and the consensus/code-review workflows spawn backends (OpenCode, Claude Code, Codex, Gemini) that can fetch and interpret public web content, so untrusted third-party pages can influence agent recommendations and findings.