research = await research_agent.call("Find Q3 earnings...")
analysis = await doc_agent.call(f"Analyze this data: {research}")
When one agent's output flows directly into another's input, you've created an implicit trust boundary. What happens if the research skill fetches data from a compromised source that includes adversarial instructions? The doc_agent receives {research} as trusted input but it's actually attacker-controlled content.
We're working on fixing that with parcle.ai/second-brain. Beta will be rolling out in a week.