kimi-usage-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (notably scripts/fetch_usage.py called from SKILL.md and README) snapshot and parse the live Kimi console page at https://www.kimi.com/code/console via the OpenClaw browser tool, and that external page's content is directly read and used to decide spawning subagents and other autonomous actions, so untrusted third-party content can influence behavior.