github-trending

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). fetch_trending.py explicitly fetches https://github.com/trending and fetches each repository's README via the GitHub API, and send_wecom_summary.py (functions like extract_intro, find_section, extract_stack, summarize_item) directly reads and interprets that untrusted, user-generated README content to build and send messages, so third‑party content can influence the agent's outputs.