turix-mac

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md/README include explicit workflows and examples that make the agent open and read public websites (e.g., "Open Safari, go to google.com", "Search AI news and summarize", "Search for turix-cua on GitHub and star it") and the docs even recommend "Use web_fetch to gather information", while scripts/run_turix.sh accepts arbitrary task text—together showing the agent will fetch and interpret untrusted public web content which can change its actions.