Desktop Control

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill can open arbitrary URLs via the app.open command (e.g., app open "chrome" --arg "https://...") and then ingest whatever appears on-screen using screenshot/OCR commands such as screen.screenshot, screen.read-all-text, and screen locate-text-coordinates, which exposes the agent to untrusted public web content that could contain indirect prompt injection.