desktop-computer-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to interact with and read desktop content (screenshots) and web browsers (e.g., the example act prompt "search for the weather in Shanghai using the Chrome browser") and even accepts external image URLs in the tap --locate example (https://github.githubassets.com/...), which demonstrates fetching and ingesting arbitrary third‑party web content/images that the agent must read and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running remote code at runtime via the npx command (npx -y @midscene/computer@1), which fetches and executes the @midscene/computer package from the npm registry and is required for the skill to operate, so this external runtime fetch executes remote code.