Why it matters
The Operator system card documents red teaming and mitigation choices for a computer-using agent, with prompt injections listed as a central risk area.
My takeaway: Operator System Card is a prompt-injection signal. The practical read is to test trust boundaries around instructions, retrieved content, tools, and user-controlled context instead of treating prompt wording as the primary control.