planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and examples explicitly instruct the agent to perform WebSearch/browser operations and write web/search results (untrusted third‑party content) into findings.md which the agent then reads and uses to guide planning and actions (and the skill also auto-reads plan files before tool calls), creating a clear path for indirect prompt injection from public web content.