migrate-nanoclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and merges from an upstream Git remote (e.g., git fetch upstream with default https://github.com/qwibitai/nanoclaw.git) and creates an upstream worktree and merges upstream/skill branches (Phase 1/Phase 2), meaning it ingests and interprets third‑party repository content (user-generated code) which can materially change actions and merges.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches and checks out upstream code at runtime (default URL: https://github.com/qwibitai/nanoclaw.git) and then installs/builds/runs that code in a worktree (pnpm install / pnpm run build / pnpm run dev), which means remote repository content can supply and cause execution of code used by the agent.