openclaw-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly accepts POSTed webhook payloads from external services at endpoints like POST /webhooks/openclaw (see SKILL.md and examples/express/src/index.js) where the untrusted "message" field is treated as a prompt/agent instruction and thus can directly influence agent actions.