xiaoyue-companion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The repository includes an automatic crawler that fetches and parses public GitHub README/skill pages (see QUICKSTART.md, API_INTEGRATION.md and config.py's GITHUB_RAW_README_URL and the "python main.py --once" / crawler.py workflow described in PROJECT_SUMMARY.md/README), so untrusted, user-generated web content is ingested and used to build/update the skill store and drive API synces — allowing third‑party page content to materially influence agent behavior.