planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to perform web searches and read browser results (see examples.md Loop 2: "WebSearch 'morning exercise benefits'") and the templates/docs require capturing "Visual/Browser Findings" after view/browser/search operations, which means the agent will ingest untrusted public web/user-generated content as part of its routine.