forge-self

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes user-provided social media and chat exports (e.g., "微信聊天记录", "社交媒体导出", "微博/朋友圈/小红书") as part of Phase 2/Phase 4 and uses those parsed materials to derive persona traits and decision parameters, so untrusted third‑party/user‑generated content is read and can materially influence the agent's behavior.