nemoclaw-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches blueprints and container images from public OCI/GitHub registries (architecture.md, "fetch.ts" and the Sandbox Environment ghcr.io link) and can enable web_fetch/Brave Search during onboarding (commands.md), meaning untrusted third-party artifacts and web content are ingested and can change blueprint/sandbox behavior and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly pulls and runs the sandbox container image ghcr.io/nvidia/openshell-community/sandboxes/openclaw (linked to https://github.com/NVIDIA/OpenShell-Community) at runtime, which is a required external artifact that is fetched and executes code inside the sandbox, so it can directly affect agent behavior.