create-anyone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to automatically fetch and ingest open web content (e.g., "WebSearch" for public/historical figures and "Social media archive", "character wiki" in SKILL.md / README and Phase 3), so untrusted user-generated/public sources are read and used to build persona.json/training data and therefore can materially influence subsequent agent behavior and tool use.