planning-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). This skill's SKILL.md explicitly instructs the agent to import and analyze bookmarked/web content via a "Browser Extension" (e.g., "Import bookmarked research" and "Gather inspiring content from browser extension"), which means it ingests untrusted third‑party webpages and uses that content to drive planning and actions, enabling indirect prompt injection.