planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and examples (SKILL.md and examples.md) explicitly perform WebSearch/browser operations and instruct storing web/search results in findings.md (templates/findings.md), which the agent reads during planning/synthesis and before decisions—so untrusted public web content can be ingested and materially influence tool choices and next actions.