gemini-computer-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The agent autonomously navigates to arbitrary start URLs and web pages (see scripts/computer_use_agent.py: page.goto(args.start_url) and navigate actions) and sends screenshots/URLs from those public sites to the model as part of the agent loop (build_function_responses/contents in the main loop), so untrusted third-party web content can influence the model's function_call actions and subsequent browser actions.