clawsweeper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The required runtime workflow ingests outsider-authored free text from GitHub issues/PRs (e.g., gitcrawl gh issue view ... --json ... body,comments,... and gitcrawl sync ... --include-comments --with pr-details), which includes other users’ titles/bodies/comments into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime checkout (test -d ../clawsweeper || git clone https://github.com/openclaw/clawsweeper.git ../clawsweeper and git -C ../clawsweeper pull) and then sed-reads files including prompts/review-item.md to import repository instruction grounding, so the URL https://github.com/openclaw/clawsweeper.git is used at runtime to fetch content that directly controls agent prompts.