create-ex

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). High risk — the repo contains deliberate tooling and prompt instructions to extract encryption keys from running WeChat processes (lldb / memory scanning / pymem), guidance to disable system protections (SIP), and automated SQLCipher decryption and parsing of chat databases, which directly enable access to and harvesting of private chat logs (privacy/data-exfiltration capability); while there are no explicit hidden network exfiltration or reverse-shell lines, the provided key-extraction + decryption tooling is a clear deliberate capability for unauthorized data access and misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly ingests untrusted, user-generated chat logs from third-party sources (WeChat PC SQLite via tools/wechat_decryptor.py and tools/wechat_parser.py and iMessage via tools/wechat_parser.py as described in SKILL.md / Step 2 and the README "Data Sources"), and then analyzes those messages (prompts/chat_analyzer.md → persona_analyzer.md → persona_builder.md) to build personas that directly drive runtime behavior, so external content can materially change tool decisions and actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 07:50 AM
Issues: 2