crush

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted user/third-party content (see SKILL.md "Import Raw Materials" and tools/wechat_parser.py, social_parser.py, screenshot_parser.py) and uses those parsed chat logs/posts/photos to build Memory/Persona and drive simulations/decisions, so that external/user-generated content can materially influence agent behavior.