acp-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required flows (see "OpenClaw ACP runtime path" and "Direct acpx path" in SKILL.md) spawn external ACP harnesses and run acpx commands, then explicitly ingest and relay the final assistant text from those external agents/commands (acpx command result), which are untrusted third‑party outputs that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs runtime installation and execution of remote npm packages (e.g., "npm install --omit=dev --no-save acpx@" and runtime execution via "npx -y @zed-industries/claude-agent-acp" / other npx invocations), which fetch and run remote code during operation and are required for the ACP/acpx paths that drive harness prompts—so these package fetches constitute runtime external dependencies that can execute code and control prompts.