openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes ingesting messages from public channels and webhooks (e.g., Telegram, WhatsApp, Discord, Synology Chat) in SKILL.md and references/channels-and-providers.md, meaning untrusted, user-generated content is read by the agent and can drive tool invocations and routing decisions.