android-emulator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly pulls the running app's accessibility tree via adb/uiautomator (see scripts/emu.sh ui-dump and ui-list and the SKILL.md "Input — label-based" / "Dump the current UI hierarchy" sections), prints app-provided labels/XML as part of the agent workflow, and then uses those untrusted labels to decide and perform actions (tap-label/hold-label), creating an indirect prompt-injection surface.