openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly ingests untrusted user-generated content — e.g., messages from public channels (WhatsApp/Telegram/Discord) routed to agents via the "channels" and "bindings" workflows, webhook POSTs under "Task E" (hooks) and cron job messages in "Task D" — and those inputs are read/interpreted by agents to drive actions, so third-party content can influence tool use and behavior.