unclawg-respond

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated feedback and posted content from the OpenClaw API (see SKILL.md Execution Flow and the script's calls to GET /v0/approval-requests and GET /v0/approval-requests/{approval_id}/messages via _fetch_messages), and it directly parses that untrusted text (feedback, source_post_text, source_post_url, etc.) to decide actions and generate edited outputs, so third-party instructions could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes a runtime GET to the published soul endpoint (${OPENCLAW_API_URL}/v0/integrations/claw-runtime/policies/soul_md?agent_id=...) to load the agent "soul" which is then applied to constrain/shape generated outputs (voice, persona, boundaries), so a remote URL controls the agent's prompting/instruction behavior.