awesome-openclaw-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly shows runtime workflows (e.g., the GitHub webhook example that fetches pull_request.diff_url and passes the diff into reviewer.process, plus Slack standup and Gmail inbox examples that collect and feed user messages/emails into agent.process) — these are untrusted, user-generated third-party contents that the agent reads and uses to drive actions like comments/triage, so they could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The quickstart explicitly clones and runs code from https://github.com/mergisi/awesome-openclaw-agents (git clone …; npm install; node bot.js), which fetches SOUL.md templates that directly control agent prompts/instructions and are executed as part of running the agent.