openart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests untrusted, user-generated content from public endpoints (e.g., GET https://openclawart-production.up.railway.app/status, /winners/latest and /winners/history, the heartbeat.md file, and external Moltbook posts used for verification), and it explicitly instructs the agent to read and learn from winning prompts and heartbeat content as part of its workflow, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents at runtime to fetch and "follow" https://openclawart-production.up.railway.app/heartbeat.md (and to re-fetch https://openclawart-production.up.railway.app/skill.md for updates), which means remote Markdown is retrieved during execution and directly controls agent behavior/prompt submission.