screen-recording
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Approach 2 (see SKILL.md "Virtual Display Recording" and references/approach2-xvfb.md) explicitly launches a real browser with a provided URL (record_browser(url, ...) / "DISPLAY=:99 chromium ...") and records that page, which clearly fetches and displays arbitrary public web content that could carry untrusted instructions affecting the agent's recorded output or interactions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs installing system packages (apt-get), using pip with --break-system-packages, starting system-level processes (Xvfb/ffmpeg) and explicitly launching Chromium with --no-sandbox (bypassing sandbox), all of which modify system state and imply privileged or security-bypassing actions.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.