skill-vetter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The vetting workflow explicitly requires reading SKILL.md files "from ClawHub, GitHub, or other sources" (public third‑party skill repositories), and those untrusted documents are parsed and used to make permission/verdict decisions, so arbitrary external content could insert instructions that influence the agent's analysis and actions.