mobilerun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflows explicitly fetch and ingest untrusted third‑party content — e.g., device screenshots (GET /devices/{deviceId}/screenshot) and the accessibility/UI tree (GET /devices/{deviceId}/ui-state) and task examples that open public sites like "Open Chrome, go to amazon.com" or "search for 'Italian restaurants near me'" — which the agent is expected to read/interpret and which can materially influence subsequent actions.