openclaw-private-skills-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's "Public skill install" flow requires running "skills add '' ..." with a user-provided git URL (and the "Public skill update" flow runs "skills update --yes"), which causes the agent to fetch and install code from arbitrary public git repositories—untrusted third-party content that can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs runtime install commands that fetch and install remote repositories (e.g., skills add '' and the hard-coded GitHub prefix https://github.com/yanyang1116/skills/tree/main/skills/openclaw/…), so external content is fetched and installed as executable/agent skills which can control prompts or execute code.