dag-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables web access for "research" workers and constructs provider commands that include web_search / fetch_content (see references/worker-types.md, lib/tools.sh's get_pi_tools and get_codex_extra_flags, and lib/worker-spawn.sh / scripts/launch.sh), so workers will fetch and read arbitrary public web content which can influence downstream worker behavior in the DAG.