planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md "The 2-Action Rule" and examples.md showing "WebSearch" / "browser/search operations") explicitly expects the agent to perform web/browser/search operations and ingest external web results (stored into findings.md/resources), which are untrusted third‑party sources and are then read and used to drive planning and next actions.