openclaw-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and read external, potentially untrusted content (e.g., "npm view openclaw ..." to resolve tarballs, "gh run view" and Actions artifacts like failures.json/summary.json, and accepting source=url or artifact tarball inputs), and those fetched results are used to choose reruns and commands, so third-party content can materially influence agent decisions and tool use.