create-ex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2 in SKILL.md / INSTALL.md) and parsing tools (e.g., tools/social_media_parser.py, tools/wechat_parser.py, tools/imessage_parser.py and the Read tool) explicitly ingest user-supplied social media exports, chat logs and photos (untrusted user-generated content) and then use that material to build Persona/Memories which directly determine agent behavior, so third‑party content can materially influence subsequent actions and enable indirect prompt injection.