hermes-qq

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill installs an adapter (assets/qq.py) that connects to the public QQ gateway (QQ_WS_GATEWAY_URL), receives user-generated messages/events and downloads arbitrary attachment URLs (see _ws_receive_loop, _parse_event, _handle_c2c_message/_handle_group_message and _download_and_cache_attachment), so untrusted third‑party content is ingested and fed into the agent workflow (handle_message) and can influence subsequent actions.