mdrip-openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary public web pages via commands like "mdrip " (including raw ingestion and workspace snapshots), so the agent will read untrusted, user-provided third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes mdrip at runtime to fetch arbitrary external URLs (e.g., "mdrip ") and streams the fetched markdown directly into the current agent turn, so remote content can directly control prompts/instructions.