openclaw-pr-maintainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and interpret public, user-generated GitHub content (e.g., SKILL.md and commands like gitcrawl threads openclaw/openclaw ..., gh search, and the scripts/github-activity.sh calls to gh api repos/.../issues, gh api users/<login>, and GraphQL contributions), so untrusted third-party issue/PR bodies, comments, and profiles are read and used to make triage/label/close/landing decisions.