agency-client-handoff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.72). The workflow copies and ingests outsider-authored free text from clients/<slug>/results.json and clients/<slug>/deliverables/ (which are not guaranteed to be user-authored) into LLM-readable prompt libraries via node scripts/extract-prompts.js ... > prompts/prompt-library.json, creating indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README includes an explicit install command that will be run during regeneration/cold-test — "curl -fsSL https://picsart.com/gen-ai-cli/install.sh | bash" — which fetches and executes remote code and is required for the handoff's regen workflow, so it is a runtime external dependency that executes code.