planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and hooks (SKILL.md, templates/findings.md, and examples.md) explicitly instruct the agent to ingest web/search/browser results into findings.md and to re-read task_plan.md/findings.md before decisions, so untrusted public web content can be read and materially influence subsequent tool use and actions.