planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and templates (SKILL.md examples such as "Research Task" and templates/findings.md sections "Research Findings" and "Visual/Browser Findings") explicitly instruct performing WebSearch/browser/view operations and recording arbitrary URLs/resources, so the agent will fetch and read public third‑party web content that can influence its planning and actions.