openclaw-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes installing and loading third-party skills from ClawdHub and GitHub ("ClawdHub Ecosystem", "clawdhub install", "or publish to GitHub for npx add-skill") and states that "Skills ... get loaded into context when relevant" and can include scripts/assets, meaning untrusted, user-provided web content is fetched and ingested into the agent's runtime and can change its behavior.