planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly mandates performing "view/browser/search operations" and updating findings.md with "Visual/Browser Findings" and URLs (e.g., the "2-Action Rule" and findings.md template's "Resources" / "CRITICAL: Update after every 2 view/browser operations"), which requires ingesting browser-returned (likely public/untrusted) content that the agent is expected to read and use to drive decisions.