openclaw-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents installing and loading third‑party skills from ClawdHub/GitHub ("clawdhub install", "clawdhub publish", "npx add-skill") and states that skills (markdown + optional scripts/assets) are "loaded into context when relevant" and read by the agent to decide actions, so untrusted user-provided skill content from public registries can be ingested and materially influence tool use.