xiaoyue-companion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The repository includes an automated crawler/updater that fetches and parses public GitHub READMEs and other open web sources (see QUICKSTART.md / PROJECT_SUMMARY.md and config.py's GITHUB_RAW_README_URL / skill_store_updater main.py), and those untrusted, user-generated skill pages are ingested and synced into the skill store—which the agent can load/use—so third‑party content can influence agent behavior.