planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and templates explicitly instruct performing WebSearch and recording external URLs (see examples.md "WebSearch 'morning exercise benefits'" and notes.md "URL: [链接]"), which indicates the agent will fetch and ingest untrusted public web content and then read/interpret those findings as part of its workflow.