skill-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The auditor explicitly copies and ingests external skill packages (quarantine.sh copies a ClawHub/external skill directory) and audit_skill.py reads and processes SKILL.md and other files from that untrusted, user-provided source (the SKILL.md is explicitly parsed/flagged and noted as being loaded into the LLM context), so the agent is exposed to untrusted third-party content that could contain indirect prompt injection.