localmac-ai-ocr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill posts screenshots to a cloud OCR service (AISTUDIO_OCR_API_URL) and consumes the returned, untrusted OCR text (see SKILL.md and scripts/ocr_tool.py / gui_toolkit.py aistudio_ocr/normalize_aistudio_ocr_result) which is then used to find text and drive GUI actions like click-text, so third‑party responses can indirectly inject instructions that change agent behavior.