openclaw-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s docs explicitly describe ingesting untrusted external content (e.g., Gmail Pub/Sub pushes and arbitrary HTTP webhook payloads mapped via docs/automation/gmail-pubsub.md and docs/automation/webhook.md) which the agent is instructed to run and summarize (including using messageTemplate, /hooks/agent runs, and delivery/model overrides), meaning third-party content can directly influence agent prompts, tool calls, and deliveries.