research-curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly accepts arbitrary https?:// URLs (Default Mode steps 1–2 and the Batch Mode URL Parsing/Wave Spawning procedures) and spawns agents with prompts like "Research and create an entry for: {URL}", meaning the system will fetch and interpret untrusted public webpage content which can drive file creation, further agent tasks, README updates, and commits — exposing it to indirect prompt-injection risk.