ai-article

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly requires Mode B to "使用联网搜索（如 web_search）" and to "补充来自 X（原 Twitter）的外界评价" and to build a mandatory “引用证据清单” with source links/dates, so the agent will fetch and interpret untrusted public/web and social-media content that can influence writing and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL instructs running a remote install script at runtime that is fetched and executed (curl -fsSL https://openclaw.ai/install.sh | bash), which directly executes remote code and is required for the skill's installation/runtime, so it poses a high risk.