autoskill
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill ingests OCR'd window text and titles from the local screenpipe API: scripts/fetch_window.py calls /search on localhost:3030, and this path is exercised in run.py and in tests with browser examples such as "PubMed" and "bioRxiv". Those cluster summaries are sent to the LLM via synthesize.py to decide on and write SKILL.md proposals, so arbitrary third-party or web content captured on the screen can influence agent decisions and tool outputs.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).