Context-Inappropriate Capability
Medium
- Confidence: 92%
- Finding: The skill goes beyond simple orchestration by sending direct Discord messages and using `openclaw agent` to trigger a fresh agent execution from a background script. That creates an implicit cross-session control channel where untrusted task data such as topic and generated report path are turned into a new agent prompt, increasing the risk of prompt injection, unintended actions, and privilege expansion outside the original user interaction.
