burner-phone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/vision_helper.py) send screenshots to a configurable Senter server (SENTER_URL) and print the model-generated analysis, and SKILL.md/README explicitly require using that vision output verbatim to obtain coordinates and drive ADB actions, so external model responses from the Senter endpoint can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's scripts call the Senter server at the SENTER_URL (default http://localhost:8081) at runtime (POST to {SENTER_URL}/v1/chat/completions) and use the model's returned content to determine exact UI coordinates and actions, so that external endpoint directly controls the agent's instructions.