nemoclaw-security-best

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's network policy and presets (see "Policy Presets" and "Operator Approval Flow" in SKILL.md / references/best-practices.md) explicitly allow the agent to fetch content from public endpoints like CDNs, npm/PyPI registries, Docker Hub, Hugging Face, Discord CDN, and arbitrary approved URLs, meaning untrusted user-generated third-party content can be retrieved and materially influence the agent's behavior (e.g., by installing packages, downloading models, or executing fetched artifacts).

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 04:30 AM
Issues: 1