mobilerun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Observe-Act workflow (SKILL.md and phone-api.md) instructs the agent to fetch and read device screenshots and the UI accessibility tree (GET /devices/{deviceId}/screenshot and GET /devices/{deviceId}/ui-state) and the Tasks API can have the agent open apps like Chrome to navigate pages (api.md), so the agent will ingest and act on arbitrary, untrusted third-party content shown on the device (web pages, social media, user-generated content), enabling indirect prompt injection.