fix: trim wrapped file input text

CHANGELOG.md

@@ -122,6 +122,7 @@ Docs: https://docs.openclaw.ai
 - Cron: suppress exact `NO_REPLY` sentinel direct-delivery payloads, keep silent direct replies from falling back into duplicate main-summary sends, and treat structured `deleteAfterRun` silent replies the same as text silent replies. (#45737) Thanks @openperf.
 - Cron: keep exact silent-token detection case-insensitive again so mixed-case `NO_REPLY` outputs still stay silent in text and direct delivery paths. Thanks @obviyus.
 - Core/approvals: share approval-not-found fallback classification through the narrow `plugin-sdk/error-runtime` seam so core `/approve` and Telegram stay aligned without widening `plugin-sdk/infra-runtime`. (#60932) Thanks @gumadeiras.
+- Gateway/file handling: wrap extracted uploaded text and text-like attachment content as untrusted external content before forwarding it to models, reducing prompt-injection risk from user-supplied files. (#60277) Thanks @hxy91819.
 
 ## 2026.4.2
 

src/gateway/openresponses-http.ts

@@ -602,11 +602,12 @@ export async function handleOpenResponsesHttpRequest(
                       },
                 limits: limits.files,
               });
-              if (file.text?.trim()) {
+              const text = file.text?.trim();
+              if (text) {
                 fileContexts.push(
                   renderFileContextBlock({
                     filename: file.filename,
-                    content: wrapUntrustedFileContent(file.text),
+                    content: wrapUntrustedFileContent(text),
                   }),
                 );
               } else if (file.images && file.images.length > 0) {