picoclaw-traffic-guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SPEC.md and SKILL.md explicitly require the monitor to "inspect HTTP request/response text up to a bounded byte limit" and detect inbound/outbound injection/exfiltration from Picoclaw gateway traffic, which means the skill will ingest and interpret untrusted, third‑party HTTP/HTTPS content (arbitrary web traffic) as part of its workflow.