appfunctions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to run "adb shell cmd app_function list-app-functions" and to read and follow the untrusted AppFunction "description" field from installed third-party apps (references/adb-interaction-testing.md, "Follow Metadata Descriptions"), which lets arbitrary app-provided text influence agent actions.