claw-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes an OpenAI-compatible HTTP endpoint that accepts arbitrary client-sent messages (references/openai-compat.md: /v1/chat/completions) and documents support for third-party webchat frontends (ChatGPT-Next-Web, Open WebUI, LobeChat) — meaning untrusted, user-generated content can be ingested at runtime (and influence session state and agent actions), with CORS/auth settings described in the same file.