phonebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly exposes the agent to arbitrary web content via "pb browse " (Browser & Navigation) and instructs using "pb dumpc" to read UI text and "pb tap"/other actions to interact, so untrusted third‑party webpages shown on the cloud phone can be read and acted on and thus could supply indirect instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the user to run the installer at runtime via "curl -fsSL https://get.phonebase.cloud | sh", which fetches and immediately executes remote code (and is presented as the required installer for the pb CLI), so this URL is a high-confidence runtime dependency that executes remote code.