planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and templates explicitly require performing "WebSearch" and viewing browser results (see examples.md Loop 2 "WebSearch 'morning exercise benefits'" and templates/findings.md "Visual/Browser Findings"), so the agent is expected to fetch and read open/public web content and record URLs/results—exposing it to untrusted, user-generated third‑party content that could carry indirect prompt injections.