coordination

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the coordinator to perform WebSearch/WebFetch and to use public payload repositories (see reference/creative-research.md WebFetch rules and reference/PATT_STANDARD.md / the PATT_URL/patt-fetcher flow), and those distilled RESEARCH_BRIEF lines and PATT_URL payloads are passed to executors (executor context / reference/executor-role.md) and therefore are read/interpreted and can materially change agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The coordinator/executor workflow explicitly instructs executors to fetch a PATT_URL at runtime (example: https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/), and those raw PATT payload files are injected/used to build executor prompts and test payloads — a runtime-fetched external resource that directly controls agent instructions.