phone-agent
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the agent will read and act on UI text and content from third-party apps/web pages on the device (e.g., "Open the Play Store... share the first result link" and "In the Twitter app..."), meaning it ingests untrusted, user-generated public content via the Phone Agent SDK and can make follow-up actions based on that content.