planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to perform web searches and view/browser results (see examples.md "WebSearch 'morning exercise benefits'" and references/findings.md "Visual/Browser Findings" with the 2-Action Rule), meaning it fetches and ingests open/public web content that the agent is expected to read and use to drive decisions, which could enable indirect prompt injection.