Untrusted clinical text (notes, claims, intake forms) can include prompt-injection payloads. Pattern: never let raw clinical text drive agent tool calls without an allow-list + structured output check.
This topic is a stub. The graph knows it exists and how it connects — the body will land in a future commit. See the external links for now.