screenclaw
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow and API docs (e.g., SKILL.md "understand the goal -> ... -> screenshot -> read coordinates" and references/api/screenshot.md / references/api/scroll_screenshot.md) instruct the agent to capture and analyze screenshots (including long-scrolling pages) of arbitrary windows/pages. The agent therefore ingests untrusted, user- or web-generated content displayed in those windows and uses that content to decide clicks and inputs, which exposes it to indirect prompt injection from third-party page content.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata