deepagents-planning-todos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples (references/todo-patterns.md and the README) explicitly show an internet_search tool using TavilyClient (tavily_client.search with include_raw_content) and instruct adding a Tavily-based internet_search to the agent, which means the agent can fetch and read arbitrary public web content (untrusted third-party/user-generated) as part of its workflow.