screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly captures and analyzes on-screen content (including browser windows and webpages) — e.g., scripts/look.py and SKILL.md/README show capturing browser windows by app/title (examples: --app Chrome, --title "LinkedIn"/"GitHub") and the README says it "Enables Claude to capture and analyze screen state", so arbitrary public web content rendered on-screen can be ingested and influence the agent.