planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform and record web/browse/search operations (e.g., "The 2-Action Rule", "Visual/Browser Findings" in SKILL.md and templates/findings.md and the examples showing WebSearch), meaning the agent will ingest untrusted public web content which can materially influence planning and subsequent tool actions.