planning-with-files-de

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and templates (SKILL.md and templates/findings.md) explicitly require performing browser/search operations and recording web/search results and URLs into findings.md (and the session-catchup script also ingests prior session messages), so the agent is expected to read and act on untrusted public/web-sourced content as part of normal operation.