plan-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and templates/findings.md and examples.md) explicitly instructs the agent to perform WebSearch/view browser results and to read/write "browser returned data" and external "Resources" URLs (e.g., the 2-Action Rule and Read vs Write Decision Matrix), meaning it ingests open web content that can influence decisions and subsequent tool use.