create-ex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2 in SKILL.md and the tools such as tools/wechat_parser.py, tools/social_parser.py and the Read tool) ingests user-provided chat logs, social-media posts/screenshots and exported files (untrusted user-generated content) and then uses that content to build Persona/Relationship Memory which directly drives agent behavior, creating a clear vector for indirect prompt injection.