pi-computer-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly captures window screenshots and returns semantic AX state (see "Always start a session with screenshot to select the controlled window and obtain AX refs" and the "Open URL in Safari" example) which lets the agent read arbitrary, potentially user-generated web page content from browsers like Safari, so untrusted third‑party content could influence subsequent actions.