openclaw-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and ingests open/public third‑party content (e.g., scripts/search_client.py: web_search, full_search, tavily_extract, tavily_crawl and the /scholar/search/web and /tavily/* endpoints) and then reads and synthesizes those results via verity_search/explain_results, exposing the agent to untrusted user-provided web content that could contain indirect prompt injection.