planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to perform "view/browser/search operations" (see the "2-Action Rule" in SKILL.md and the WebSearch example in examples.md) and to read and incorporate web search/browser results into findings.md and the task_plan, meaning arbitrary public web content can be ingested and can materially influence decisions and subsequent tool actions.