gstack-openclaw-retro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs git fetch origin main and many git log commands against origin/main to ingest commit messages, PR references, and repository file contents (user-generated content from the remote repo, e.g., public Git hosting), and then uses that data to drive analysis, rankings, narratives, and actions—meaning untrusted third-party content can materially influence the agent's behavior.