planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly requires performing web/browser/search operations and recording "Visual/Browser Findings" (see SKILL.md's "The 2-Action Rule", the "Visual/Browser Findings" section in templates/findings.md, and examples showing "WebSearch") so it ingests open/public web content into planning files that the agent rereads and uses to make decisions, enabling indirect prompt-injection from untrusted third-party sources.