0-Click Remote Code Execution in OpenClaw with GPT5.2 via Gmail Hook

Second part of the saga, now escaping sandbox with multi-layered prompt injection:

BrokenClaws: Escape the Sub-Agent Sandbox with Indirect Prompt Injection in OpenClaw (via Gmail Hook, 0-Click RCE)

https://veganmosfet.github.io/2026/02/15/openclaw_sandbox.ht...

Yet another "OpenClaw is insecure" post! I found this simple but elegant way to get silent RCE via email, exploiting prompt injection (despite countermeasures, there is no silver bullet) and insecure plugin handling (not skills!). I try to explain how it works and some ideas about hardening. Note: prompt injection attacks are out-of-scope in the security policy. Happy to get feedback.