macos-terminal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly lets an agent run arbitrary shell commands (SKILL.md examples and scripts/window/run-script.applescript) and read terminal output/history (SKILL.md "Reading Output" and scripts/tab/contents.applescript, scripts/tab/history.applescript), so the agent can ingest untrusted, user/third-party content (e.g., pages fetched via curl/wget run in the terminal) that could materially influence subsequent tool use or decisions.