convos-agent
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's bridge scripts and Agent Mode explicitly read untrusted, user-generated messages from the stdout of "convos agent serve" (the "message" NDJSON events and their "content" field) and use that content in the agent's reply-generation logic (see "Bridge Scripts" -> "Generic Agent Bridge" and "OpenClaw Bridge"), so third-party messages can directly influence tool actions and responses.