desktop-control

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly includes Web Search and Search & Scraping models (e.g., linkup/search, linkup/fetch, firecrawl/scrape, scrapingdog/*) and Document Processing (reducto/parse with inputs.document_url) which fetch and ingest arbitrary public URLs/search results, so the agent would read untrusted third‑party web content that could contain instructions influencing subsequent actions.