gemini-computer-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script (scripts/computer_use_agent.py) directly loads arbitrary public pages with page.goto(args.start_url) and the "navigate" action (page.goto(args["url"])), and then returns screenshots and the current URL to the model via build_function_responses (FunctionResponse including url and image), so untrusted third‑party page content can be interpreted by the model and influence subsequent function_call actions that control the browser.