computer-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly lists scraping messages from third‑party chat apps ("爬飞书/微信群里的消息") and its core loop is "screenshot → Read → analyze → act", meaning the agent will capture and interpret untrusted, user‑generated content from local apps (WeChat/Feishu/Figma/etc.) and use that to drive actions, allowing indirect prompt injection via displayed third‑party content.