open-computer-use-automation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes an unknown GitHub repo (iFurySt) with a Releases page that may host binaries plus instructions to globally install and run an unvetted CLI which requests sensitive OS-level accessibility/screen-recording permissions—making these sources potentially risky even though some links (example.com, youtu.be, ara.so) are benign references.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's README (SKILL.md) explicitly shows workflows that drive a browser (e.g., the "Custom Skill Integration" and "Example workflow" that types "https://example.com", presses Return, then calls get_app_state/take_screenshot) which causes the agent to browse and ingest arbitrary public web pages and UI content (untrusted third‑party content) and then act on that content via click_element/type_text, enabling indirect prompt injection.