openclaw-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts incoming webhooks (POST /hooks/agent) and treats the payload "message" as an agent prompt — per SKILL.md and references/overview.md it explicitly mentions sourcing messages from external services (e.g., GitHub, Gmail Pub/Sub, arbitrary provider mappings), so untrusted third-party content can be read and drive agent actions.