openclaw-small-bugfix-sweep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Read live target with gh" and to "Read body, comments, linked refs, changed files" (SKILL.md) and to use companion tools like $gitcrawl and $github-deep-review to ingest GitHub issue/PR content — public, user-generated sources that the agent must interpret and that can materially influence fixes and next actions.