session-logs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read and print raw session message text (e.g., using jq to extract user/assistant content and rg to search), which will verbatim expose any API keys, tokens, or passwords present in those logs, so it can and likely will output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill directly reads and searches session log files under $OPENCLAW_STATE_DIR/agents//sessions (e.g., .jsonl) which contain user-generated messages and map to external chat providers like discord/whatsapp, so untrusted third-party content is ingested and interpreted as part of the workflow.