planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to perform web/browser/search operations and to capture and act on browser results (see SKILL.md "The 2-Action Rule" / "Read Before Decide" and templates/findings.md "Visual/Browser Findings", plus examples.md showing "WebSearch"), which means it ingests untrusted public web content that can influence decision-making.