task-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s worker-selection workflow explicitly instructs the agent to query and install worker templates from an external skills registry (references/worker-selection.md) — e.g., passing a custom HICLAW_SKILLS_API_URL (default https://skills.sh) to hiclaw-find-worker or installing from package URIs like nacos://… — which means the agent may fetch and interpret untrusted third‑party package/registry content that can change tooling/behavior.