airtap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill repeatedly polls the external Airtap API (see scripts/airtap_common.py: api_get_task_details / poll_task and the SKILL.md "task poll" / references/openclaw.md guidance) and ingests untrusted user- and agent-generated "messages" from task snapshots, then interprets those texts (e.g., detecting plans and building/forwarding milestone or verbose updates) which directly influences whether and what gets sent via OpenClaw, so third-party content can materially change agent behavior.