etl-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md includes an "From API" extractor (extract_from_api) that calls requests.get(api_url) to ingest remote API/URL JSON into the pipeline (and claw.json grants network permission), so the agent can fetch and parse arbitrary third‑party web content which could materially influence downstream processing and actions.