research-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly spawns a collection subagent that uses a web crawler (crwl CLI) to fetch open web and document sources into .research/.../collect/evidence/*.md (Phase 2), and those untrusted third‑party files are subsequently read by the graphify and synthesizer steps to drive graph construction, synthesis, and gap‑fill decisions—allowing scraped, user‑generated content to materially influence agent actions.