openclaw-relay

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly fetches and parses messages from OpenClaw sessions (see list_sessions_payload -> run_openclaw(["sessions","--json"]), fetch_session, run_acpx/run_target_exec, and the trimmed_session/simplify_message/maybe_parse_embedded_json code). The session aliases explicitly target external channels (e.g., discord in config/session_aliases.json), so untrusted user-generated session content is read and interpreted as part of workflows such as ask/publish and can influence subsequent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 02:13 PM
Issues: 1