space-weread-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 1) runs scripts/fetch.py which POSTs to https://i.weread.qq.com/api/agent/gateway to pull user-generated notebooks, bookmarks, and reviews (e.g., /user/notebooks, /book/bookmarklist, /review/list/mine), and those notes/highlights are then read and directly drive the analysis and recommendations—exposing the agent to untrusted third-party content that can influence decisions.