create-ex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 2 "原材料导入" / "社交媒体内容" and the tools like tools/wechat_parser.py, tools/qq_parser.py, tools/social_parser.py, and tools/photo_analyzer.py) explicitly ingests user-supplied social media screenshots, chat exports and other user-generated/untrusted content and then analyzes that material to build the Relationship Memory and Persona which directly drive the agent's responses, creating a clear vector for indirect prompt injection.