space-weread-coach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required runtime workflow (scripts/fetch_corpus.py and SKILL.md) posts to https://i.weread.qq.com/api/agent/gateway to fetch user-generated notebooks, bookmarks and reviews into /tmp/space-weread-coach/corpus.json which the agent then reads and uses (pick_review.py and the citation/recommendation flows) — meaning untrusted third‑party user content is ingested and can materially influence the agent's outputs.