openclaw-release-maintainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read public third‑party content (e.g., the production Sparkle feed at https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml, GitHub release artifacts, and the public npm registry via npm view) and to interpret those reads as part of release decisions (version checks, feed updates, publish gating), so untrusted external content can materially influence tool use and next actions.