installer-tester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly expects and directs the agent to inspect public package/repository sources (e.g., "GitHub/npm/brew link shared" trigger, Phase 0's docs check with fallback to https://docs.openclaw.ai, manual review of SKILL.md, health checks like "last commit, stars, issues", and "follow the tool's install instructions (Homebrew, npm, pip)"), so it will ingest and act on untrusted third‑party web/docs/repo content that could contain instructions influencing install/validation decisions.