autoresearch-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator (generated in orchestrator.sh) explicitly triggers a "PLATEAU" mode that tells the agent "You MUST search the web before coding" and it enables web_search/fetch_content tooling (via PI_TOOLS, codex_extra_flags and a claude --tools injection in build_inner_cmd/worker-spawn.sh), so the agent will fetch and act on arbitrary untrusted web content as part of its workflow.