create-crush

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests untrusted user/third-party content (Step 2: "Source Material Import") — e.g., wechat_parser.py, qq_parser.py, social_parser.py, photo_analyzer.py and the Read tool — and then uses that content to build persona.md/memory.md and drive runtime behavior (persona/memory layers and confession/date/analyze prompts), so external page/posts/chat content can materially influence agent actions.