planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's examples explicitly perform web searches and store external sources (e.g., examples.md shows a "WebSearch 'morning exercise benefits'" step and notes.md includes "URL: [link]"), so the agent is expected to fetch and ingest untrusted public web content into notes.md.