openclaw-media-gen

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary external image URLs via the --img-url parameter (used in video_create_task in scripts/media_gen_client.py) and downloads/forwards those third-party images (and can download resulting video URLs via _download_to_file), so untrusted public content is ingested and used by the generation workflow.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 06:01 PM