build-openclaw-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser automation explicitly navigates to arbitrary URLs and extracts page text (references/browser-automation.md and the "Browser + LLM Task: Scrape and analyze" workflow), then passes that untrusted public webpage content into LLM Task or exec steps that can drive actions—exposing the agent to indirect prompt injection via scraped third-party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly enables and instructs use of very-high/high-risk primitives (exec, gateway restarts, cron, process management and browser automation) that perform shell commands, restart services, and create scheduled jobs — all of which can modify the host system state (and may require elevated privileges); guardrails and required user approvals mitigate but do not remove the substantial risk.