nuwa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Phase 1 "六路并行调研" requires fetching and ingesting open web content (social media, interviews, public websites) via the documented search cascade (tavily_search/tavily_extract → scripts/search.sh which uses ddgs+trafilatura → browser tool navigate+snapshot) and explicitly requires agents to read and cite those URLs, so untrusted third‑party content can directly influence the distilled Skill and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime search/extract tool (scripts/search.sh) explicitly fetches arbitrary HTTPS pages (example usage: bash {skillDir}/scripts/search.sh --extract "https://...") using trafilatura and returns the page text that is then injected into the research artifacts used to generate the SKILL (and the README also instructs agents to clone the repo at https://github.com/kylefu8/nuwa-openclaw-skill), so external URLs fetched at runtime can directly control the agent's prompts/outputs and install/run remote code via pip installs—flagging https://github.com/kylefu8/nuwa-openclaw-skill and the runtime extraction pattern "https://..." used by scripts/search.sh.