openclaw ai agent marketplace hit with prompt injection vulnerabilities in skills and tools.

security researchers from snyk found prompt injection attacks working on openclaw and skills.sh marketplaces, letting bad actors hijack ai agents through crafted inputs.

this comes right as openclaw partners with virustotal for scanning, but the exploits show how easy it is to abuse these agent ecosystems.

agents can execute code or leak data if not locked down tight.

source: posts from @yenkel and cybersecuritynews.com coverage on openclaw/virustotal partnership plus snyk findings.