picoclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs a gateway that starts channel listeners which ingest user-generated messages (references/channels.md and references/gateway.md), supports web fetch/search tools that pull public webpages (references/tools.md), and installs skills from public GitHub/registries (references/skills.md), all of which the agent is expected to read/interpret and can influence its actions—so it clearly consumes untrusted third‑party content that could inject instructions.