forge-persona

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to ingest chat logs and social media content and produce persona files including fixed_phrases/evidence (verbatim quotes) written to disk, so any credentials present in those materials could be reproduced in outputs — there is no instruction to filter or redact secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 1 "素材收集" explicitly ingests user-generated social media and chat content (朋友圈/微博/聊天记录) using tools/social_parser.py and tools/wechat_parser.py and then uses those quotes/evidence directly in persona_builder to drive persona generation and subsequent behavior, so untrusted third-party/user-generated content is read and can materially influence agent actions.