mobilerun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user/web content via device screenshots and UI state (GET /devices/{deviceId}/screenshot and GET /devices/{deviceId}/ui-state) and lets on-device agents open arbitrary apps/websites (e.g., "Open Chrome, go to amazon.com..." in SKILL.md/tasks), so the agent will read/interpret public/user-generated content that can materially influence actions and thus enable indirect prompt injection.