planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md and examples.md) explicitly instructs the agent to perform WebSearch / view/browser/search operations and to write and read browser-returned data and URLs into findings.md (see the "2-Action Rule" and the Example "WebSearch 'morning exercise benefits'"), so it ingests untrusted public web content which can influence subsequent decisions and tool use.