tech-analysis-auntie

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory data-collection steps require performing web_search queries (e.g., the "数据获取方式" and "搜索最新财报" commands in Step 1) to fetch public third-party financial/web content and explicitly instruct the agent to use those results for analysis and trading decisions, which exposes it to untrusted user-generated/open-web content that can influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to execute and write files under /root (e.g., echo >> /root/.openclaw/... and cat > /root/.openclaw/..., plus running /root scripts), which modifies the host filesystem in root-owned locations and thus can change machine state and likely requires elevated privileges even though it does not explicitly request sudo or create users.