filesystem-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to offload large tool outputs such as "Web search returns 8000 tokens" to files and later read/grep those files (see "Pattern 1: Filesystem as Scratch Pad" and "Example 1: Tool Output Offloading"), which means untrusted public web/search results can be ingested and used to drive agent decisions.