clawtributor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md installation workflow explicitly fetches release artifacts and individual files from public GitHub endpoints (curl against api.github.com and https://github.com/.../releases) and arbitrary file URLs listed in checksums.json, then installs and uses those downloaded skill files (including skill.json), so untrusted third‑party content is ingested and can directly change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install scripts fetch required skill files at runtime from https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG (via the releases API at https://api.github.com/repos/prompt-security/ClawSec/releases), and those downloaded SKILL.md/.skill artifacts directly provide the skill prompts/behavior that the agent will execute/install.