Communicating with AI agents (like OpenClaw) via messaging apps (like Slack and Telegram) has become much more popular. But it can expose users to a largely unrecognized LLM-specific data exfiltration risk, because these apps support ‘link previews’ as a feature. With previews enabled, user data can be exfiltrated automatically after receiving a malicious link in an LLM-generated message – whereas without previews, the user would typically have to click the malicious link to exfiltrate data. For example, OpenClaw via Telegram is exposed by default. Test any agent / communication app pairing below!
URL previews - another thing we warned about for, oh yeah, this reason
OpenGraph tags in particular? Or do you mean something else?
OpenGraph is just one protocol used for previews, but other ones exist.
Link shortening, as a different example. Thankfully it finally sort of died. Pre-loading is another. Tiktok is uploading before the file is saved, is another.
