clawsec-suite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests external advisory and catalog data at runtime (e.g., https://clawsec.prompt.security/advisories/feed.json and https://clawsec.prompt.security/skills/index.json as used by scripts/loaders and the advisory-guardian hook), and those community-driven advisories are parsed and used to gate installs, recommend removals, and drive approval/automation decisions—so untrusted third‑party content can materially influence agent actions.