openclaw-secret-scanning-maintainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's fetch-content command (scripts/secret-scanning.mjs -> cmdFetchContent) retrieves issue/PR/comment/discussion bodies from GitHub (user-generated, public content) into a body_file which the agent is explicitly required to read in Step 2 ("Decide") to identify/redact secrets and then drive deletion/recreation/notification actions, so untrusted third-party content can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls GitHub APIs / repo URLs at runtime (e.g. discussion/comment URLs like https://github.com/openclaw/openclaw/discussions/#discussioncomment- and API endpoints under repos/openclaw/openclaw/...) to fetch issue/PR/comment bodies which are written to temp files and then read by the agent (i.e., injected into the model context) to drive its redaction decisions, so remote content directly controls the agent's prompts.