planning-with-files
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly calls for "view/browser/search" operations and web-derived URLs and notes (e.g., the "2-Action Rule" and "Read Before Decide" directives in SKILL.md and the instructions in references/findings.md; examples.md also shows "WebSearch"). As a result, the agent ingests untrusted third-party content from the open web and uses those findings to drive decisions and next actions.
Audit Metadata