create-colleague

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required main workflow (Step 2 in SKILL.md and the tool table) explicitly instructs automated collection and browser scraping of user-generated third‑party content (e.g., tools/feishu_auto_collector.py, tools/feishu_browser.py, tools/dingtalk_auto_collector.py, tools/slack_auto_collector.py, tools/email_parser.py) and then reads/analyzes those messages/docs to build the Persona and Work Skill that govern subsequent actions, so untrusted third‑party content is ingested and can materially influence agent behavior.