metaclaw-evolving-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The agent explicitly intercepts and records live user conversations via ConversationInterceptor/ExperienceBuffer.record and then runs SkillSummarizer.run to extract and SkillStore.upsert to persist new skills that are later injected by SkillInjector.retrieve into system prompts, meaning arbitrary, untrusted user-generated content can be read, interpreted, and reused to influence future agent behavior.