sweetlink

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SweetLink skill connects the agent to a real browser tab and explicitly reads and interacts with arbitrary web pages (e.g., DOM queries returning outerHTML, devtools console/network tails, screenshots) that can contain untrusted, user-generated third‑party content from the open web.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs actions that modify system-wide state—e.g., "sweetlink trust-ca" (to add a TLS CA) and global installs/daemon management—which can alter the system trust store or require elevated privileges and thus may compromise the machine.