orchestrating-multi-agent-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes a "web-search" / research pipeline that fetches and ingests external web sources (see references/examples.md — pipeline/research-pipeline.ts and SKILL.md's "Scenario 2: Research Pipeline" which returns URLs and passes sources to a summarization agent), so untrusted third‑party webpages could be read and influence downstream agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references a specialist agent "with access to Stripe tools" in Scenario 1. Stripe is a payment gateway (a specific tool/API for moving money), so the skill documentation includes a concrete, payment-oriented integration rather than just generic tooling. This constitutes direct financial execution capability.