openclaw
Warn
Audited by Snyk on Apr 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly describes runtime web-fetching tools: see references/tools.md and the SKILL.md notes about the web_search provider "kimi" and the two-step $web_search flow, plus MCP remote HTTP/SSE servers and browser fetch/SSRF settings. This indicates the agent will fetch and ingest public/untrusted web content and then echo/synthesize it as part of its workflow, so third-party content can influence actions.
Issues (1)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).