osxquery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly drives the user's browser and queries AXWebArea elements (see SKILL.md "When browser interaction is required..." and the osxquery-actions-usage.md example that sends "https://en.wikipedia.org/wiki/Main_Page" and then queries/clicks AXWebArea/AXLink), which means it can fetch and read untrusted public web content and act on it, enabling indirect prompt injection.