pi-planning-with-files

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and templates explicitly require performing "view/browser/search" operations and recording "Research Findings" from web searches/browser results (see the 2-Action Rule and Findings template and examples), meaning the agent ingests open web/browser search output as part of its workflow and then reads that content to guide decisions.