planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and templates (examples.md and templates/findings.md) explicitly call out performing "WebSearch" and capturing "Research Findings", "Resources" (URLs), and "Visual/Browser Findings", so the agent is expected to fetch and read arbitrary public web content (e.g., external URLs like the manus.im blog), exposing it to untrusted third‑party input.