filesystem-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to offload and later read large tool outputs coming from web searches/public web content (see "Pattern 1: Filesystem as Scratch Pad" and Example 1 describing "Web search returns 8000 tokens" written to scratch/search_results_001.txt), so untrusted third‑party web content can be ingested and reread to influence agent actions.