gemini-computer-use

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The code explicitly captures screenshots and current URLs and sends them to the external Gemini API as part of the agent loop (a clear data-exfiltration/privacy risk); there are no obfuscated payloads, eval/exec, reverse shells, credential-stealing routines, or supply-chain tricks, but the screenshot + URL uploads to a remote model make this high risk for leaking sensitive data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The agent uses Playwright to load arbitrary public webpages (page.goto(args.start_url) and the "navigate" action page.goto(args['url']) in scripts/computer_use_agent.py) and sends screenshots/current URLs back to the model, so it clearly fetches and interprets untrusted third-party web content.