Desktop Computer Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and interprets screenshots from the user's desktop (via take_screenshot and act commands) and includes examples of interacting with a web browser (e.g., "search for the weather in Shanghai using the Chrome browser"), so the agent can be fed arbitrary, untrusted web pages or user-generated content shown on-screen.