auth-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run fast-browser-use snapshot/login against open/public check_url and login_url values from ~/.openclaw/auth-platforms.json (examples: https://linux.do, GitHub, 抖音, 小红书, Polymarket, X), parse DOM output and screenshots for login indicators/QR codes, and then make decisions or take follow-up actions, so it clearly ingests untrusted third‑party web content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and snapshots external webpages at runtime (e.g., https://linux.do and platform-specific check_url/login_url such as https://platform.com/login and https://example.com/dashboard) and parses the returned DOM to make decisions (active/expired/uncertain) that drive agent actions, so these URLs directly control the agent's behavior.