dependency-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill routinely fetches and parses public, user-authored content—e.g., scripts/check.py's check_github_skill pulls GitHub Contents API entries and the raw SKILL.md (download_url), scripts/check.py's check_clawhub_skill calls the CLAWHUB_API, and check_openclaw_version queries the npm registry—and it incorporates commit messages, changelogs, and remote SKILL.md diffs into its update-detection logic and generated reports, so untrusted third‑party content is read and can materially influence reported decisions/notifications.