jarvis-mission-control
Warn
Audited by Snyk on Jun 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill’s runtime path ingests outsider-authored free text from OpenClaw session JSONL logs (e.g.,
server/agent-bridge.jsreads*.jsonland extracts the initial prompt/title/description from it), which can include arbitrary user/agent prompt content and is then written into Mission Control task fields that the dashboard/agents may later render into LLM context.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata