iterative-fleet

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly enables worker-level web access to fetch arbitrary public content (e.g., lib/tools.sh: get_pi_tools returns web_search,fetch_content and get_codex_extra_flags returns web_search="live", and scripts/launch.sh passes these into build_inner_cmd), and those worker outputs (session.jsonl / logs) are read by the reviewer and orchestrator as part of the required workflow, so untrusted third-party content can influence verdicts and orchestration decisions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 06:02 PM
Issues: 1