clawshire-data-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary user-provided announcement URLs (see SKILL.md Workflow 3: "GET /api/v1/met_link?met_link=<url_encoded_link>") and the scripts (scripts/clawshire_client.py cmd_met_link) send those links to the API and display the returned extracted content, meaning the agent consumes untrusted public web content that can influence subsequent outputs/actions.