regulationsgov-comments-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill programmatically fetches public, user-generated comments from the Regulations.gov API (see SKILL.md and scripts/regulationsgov_comments_fetch.py which call {REGGOV_BASE_URL}/comments, and references/regulationsgov-api-notes.md), and those fetched comment bodies are returned and used in downstream workflows (OpenClaw chaining/templates) so untrusted third-party content can materially influence subsequent tool actions.