giggle-generation-speech

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly calls the public giggle.pro API in scripts/text_to_audio_api.py (e.g., /api/v1/project/preset_tones, /api/v1/generation/task/query and submit) and SKILL.md explicitly requires forwarding raw stdout and using stdout content in Cron handling, so untrusted third-party responses are read and can change agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). Flagged because the skill writes persistent files under ~/.openclaw and registers a recurring Cron job (30s) that changes system state and creates persistent scheduled execution — even though it doesn't request sudo or edit system-level configs, the cron registration and persistent logs introduce a significant persistent state change and potential for abuse.