planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and templates explicitly instruct the agent to perform web searches and to read/save browser/view results (e.g., examples.md "WebSearch 'morning exercise benefits'", templates/findings.md "Resources" and the repeated "after every 2 view/browser/search operations" rule), which means the agent will fetch and interpret open web/public third‑party content (URLs, search results, pages) that is untrusted and could carry indirect prompt injection.