It's not a soluble problem, at least not completely. The big frontier models are better at resisting prompt injection, but any LLM is vulnerable to some degree. If you give it access to arbitrary inputs like the web and to your personal data, there's a risk it'll disclose stuff you don't want it to.

It's annoying, because I love OpenClaw as an idea, but I don't trust it enough to give it what it needs to be useful.