screen-control-operator

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are unverified developer/project-hosting domains (a generic subdomain, a .dev project preview, and a Cloudflare Pages site) that are not official vendor download sources and can host arbitrary content—including installers or scripts—so while no direct executable links are present, they should be treated as moderately high risk for malware distribution until verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously navigates to and scrapes arbitrary public websites (e.g., page.goto(url), the "test-url" CLI option, and GitHub Actions target_url) and ingests DOM/accessibility trees, element text, console logs and network requests, which are untrusted third-party/user-generated content that the agent reads and interprets as part of its workflow.