desktop-control

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and code (SKILL.md "Typical Workflow" and scripts/screen.py cmd_read_ui) explicitly read the accessibility tree of the frontmost application and then use that output to identify targets and drive mouse/keyboard actions, meaning arbitrary untrusted web or app content shown on-screen could be ingested and influence subsequent actions.