A CrewAI workflow can look clean on paper. The researcher reads. The analyst reasons. The writer drafts. The reviewer checks. A tool posts the result. Each agent has a role. Each task has a description. Each step appears to have a clear job. But roles are not security boundaries. If one agent reads untrusted content and passes a poisoned summary downstream, the rest of the crew may treat that summary as normal work product. The original source was external. The handoff now looks internal. That is the multi-agent version of prompt injection. Not one bad prompt. Not one obvious malicious document. Unsafe influence moving through agent handoffs. CrewAI is a framework for building collaborative groups of agents: a crew contains agents, tasks, process flow, memory, tools, callbacks, and execution behavior. The official docs describe a crew as a group of agents working together to achieve tasks, with a strategy for task execution, collaboration, and workflow.…