clawsec-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and parses an external, community-driven advisory feed (e.g., DEFAULT_FEED_URL="https://raw.githubusercontent.com/prompt-security/ClawSec/main/advisories/feed.json" and GitHub releases API calls in the install/update steps) and the SKILL.md workflow instructs the agent to read that feed and act on advisories (notify, prioritize, recommend removal), so untrusted third‑party content can materially influence agent decisions.