openclaw-pr-maintainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to search, read, and act on GitHub issues and PR text from the openclaw/openclaw repository (see the "Search broadly before deciding" and triage/landing guidance in SKILL.md), which are user-generated/public content that can influence merge/label/close actions and thus could carry indirect prompt-injection instructions.