localmac-ai-ocr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends screenshots to an external AI Studio OCR service (see scripts/ocr_tool.py aistudio_ocr which POSTs to AISTUDIO_OCR_API_URL) and the returned OCR text is directly used by the agent workflow (SKILL.md and ocr/find -> click-text flow) to decide clicks and actions, so untrusted third-party content can influence tool behavior.