macpilot-ui-inspector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill can read and interact with the UI of arbitrary apps (explicitly including Safari via commands like "macpilot ui list --app 'Safari'", "ui find", "get-value", and "ui tree"), so it will ingest and interpret web page content and other user-generated/untrusted UI text from the open web, enabling indirect prompt injection.