android-adb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill captures device screenshots and UI dumps (see cmdScreenshot/cmdDumpUI and cmdHandleVerification) and sends those images/text to the external ai-vision "plan-next" tool (invoked in cmdHandleVerification using npx scripts/ai_vision.ts and requiring ARK_BASE_URL/ARK_API_KEY), so it ingests untrusted, user-generated third‑party content shown in apps/webviews on the device and relies on the agent to interpret it.