planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to perform web/browser/search operations and to record and act on those results (see examples.md "WebSearch 'morning exercise benefits'", templates/findings.md "Update this file after every 2 view/browser/search operations", and SKILL.md references to "Browser returned data" and "Visual/Browser Findings"), so it ingests open/public third‑party content that can influence planning and subsequent tool actions.