Show HN: BrokenClaw Part 5: GPT-5.4 Edition (Prompt Injection) (veganmosfet.codeberg.page) AI
A technical write-up tests OpenClaw with GPT-5.4 against indirect prompt-injection attacks in two tasks: web fetching and summarizing emails. The author reports that, despite "do not execute" safety notices inserted into the prompt, the model can follow attacker-provided encoded instructions, fetch additional URLs, and eventually execute untrusted shell/Python code (including a reverse-shell payload) without reliably asking for confirmation. The post concludes that soft guardrails and current countermeasures are inconsistent against these tool-mediated injection scenarios.
April 09, 2026 19:40
Source: Hacker News