openclaw-messaging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly includes commands like "openclaw message read --channel telegram --target @joelhooks" and swarmmail_inbox which fetch user-generated messages from third-party channels (Telegram, Slack, Discord, etc.), and the agent is expected to read and act on that content (sending replies or invoking agents), creating clear potential for indirect prompt injection.