security-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read untrusted, user-generated content (e.g., "Read the GHSA body with gh api /repos/openclaw/openclaw/security-advisories/<GHSA>" and use gh search/GitHub issues/PRs and npm view), so third‑party advisories, issues, and registry data are ingested and can directly influence triage decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the GitHub API at runtime (e.g. "gh api /repos/openclaw/openclaw/security-advisories/") to fetch advisory bodies that are then injected into the agent's drafting context, so fetched external content directly controls prompts.