planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 2 "RESEARCH AND GATHER" explicitly requires the agent to "Search, read, explore" and store findings from external sources (examples mention "studies, articles") into notes.md, which the agent must re-read and use to drive decisions and output—exposing it to untrusted public third‑party content.