backup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly instruct fetching and restoring configuration from third-party sources—e.g., "git clone git@github.com:username/openclaw-config.git", rsync/scp to user@server, and syncing with cloud folders/Dropbox in SKILL.md—which would pull user-generated/untrusted repo/files into ~/.claude and could materially change agent behavior by installing skills or settings.