opencode-orchestrator-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's AGENTS.md workflow explicitly instructs the orchestrator to dynamically discover and curl other servers (e.g., scanning ports and calling http://localhost:/config and /agent) and to parse those responses to choose servers and drive actions, so it ingests and acts on untrusted, runtime-provided agent content from external servers.