openmaic-classroom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md OpenClaw Integration explicitly states the skill can generate classrooms from Feishu, Slack, Discord, Telegram (user-generated third‑party platforms) which the agent ingests and uses to produce lessons, so untrusted external content can directly influence generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The OpenClaw lifecycle and installation explicitly clone and run the repository https://github.com/THU-MAIC/OpenMAIC.git at runtime (or during startup), meaning fetched remote code would be executed as a required dependency and can directly control agent behavior.