clawflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's included examples (examples/inbox-triage.lobster and examples/pr-intake.lobster) explicitly fetch user-generated third-party content (gog.gmail.search for inbox messages and gh pr list for GitHub PRs) and pipe that untrusted content into an LLM classify step (openclaw.invoke) whose outputs directly drive conditional tool actions, which could allow indirect prompt-injection to change behavior.