wechat-channel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Wechaty Bridge (scripts/wechat-bridge.js) receives arbitrary user- and group-generated WeChat messages via bot.on('message') and forwards them with axios.post to the OpenClaw webhook (config.openclawGatewayUrl + /webhook/wechat), so the agent directly consumes untrusted third-party content from WeChat users.