harmonyos-device-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly lets the agent open arbitrary URLs (e.g., "npx @midscene/harmony@1 launch --uri https://www.example.com"), fetch external reference images via HTTP in tap --locate (with "convertHttpImage2Base64" and an example image URL), and instructs the agent to "take a screenshot" and "read the saved image file to understand the current screen state" — all of which require ingesting untrusted third‑party content that the agent will interpret to decide next actions.