unclawg-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Gather Posts" explicitly fetches content from arbitrary public social URLs (e.g., X, Reddit, LinkedIn, Hacker News, YouTube, Instagram, TikTok or user-pasted URLs) and Phase 3 requires the agent to read and use that untrusted, user-generated content to generate and submit proposed replies, so third-party posts can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs a runtime fetch of the agent "soul" from "${OPENCLAW_API_URL}/v0/integrations/claw-runtime/policies/soul_md?agent_id=${OPENCLAW_AGENT_ID}" (e.g., https://api.unclawg.com/v0/integrations/claw-runtime/policies/soul_md?agent_id=...), and that returned document is the authoritative personality/instruction set the skill uses to generate replies, so remote content directly controls prompts and is a required runtime dependency.