picoclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables third-party web search results (Brave Search / DuckDuckGo in "Enable web search") and accepts user-generated messages via the messaging gateway (Telegram/Discord/etc. in "Set up a messaging gateway"), both of which the agent is instructed to read and act on (e.g., heartbeat tasks that "Search the web for security advisories and summarize"), exposing it to untrusted external content that could inject instructions.