planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and templates (e.g., examples.md showing "WebSearch", templates/findings.md "Research Findings" and "Visual/Browser Findings", and SKILL.md's 2-Action Rule about "view/browser/search operations") explicitly require performing web searches and recording browser results/URLs, meaning the agent will ingest and act on untrusted public web content that can influence its decisions.