clawsec-suite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches a community-driven advisory feed at runtime (e.g., https://clawsec.prompt.security/advisories/feed.json referenced in SKILL.md and used by loadRemoteFeed/handler.ts) and directly reads and interprets those advisories (used by hooks/guarded_skill_install.mjs and the advisory guardian handler) to recommend or gate installs/removals, exposing the agent to untrusted, user-sourced content that can materially influence actions.