OpenClaw can be manipulated through prompt injections in message objects to execute an attacker’s instructions instead of the owner’s.