spool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill uses the OpenClaw browser to open and snapshot public Threads pages (https://www.threads.net — timelines, profiles, searches, and posts), so the agent reads and acts on untrusted, user-generated third‑party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit sudo commands and creates/enables a systemd service under /etc/systemd/system (modifying system files and requiring elevated privileges), which instructs the agent to perform privileged system changes.