zerotoken-openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s workflow and tool list (e.g., browser_open, browser_get_text, browser_get_html, browser_extract_data in “工具清单” and the “典型流程”/script execution sections) explicitly open arbitrary web pages and ingest page HTML/text from third‑party sites (including B站/小红书 examples), which the Agent must read and use to make decisions (DFU pause resolutions, var generation, subsequent tool calls), exposing it to untrusted third‑party content that could carry indirect prompt injection.