tip-gui-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends captured screenshots and requests to a configured OpenAI-compatible baseUrl from the user's Tip settings (see describe_image_with_profile which posts to baseUrl + "/responses") and ingests the model's textual output into the CLI's "screenDescription" and intent fields that an agent would read and act on, exposing it to untrusted third-party model responses that could carry indirect prompt-injection instructions.