create-star-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content (lyrics via tools/lyrics_fetcher.py from music.163.com, B站 videos/comments via tools/bilibili_fetcher.py, and 微博 posts via tools/weibo_fetcher.py) and its prompts/workflow (prompts/persona_builder.md and prompts/knowledge_router.md) require the agent to read and use that untrusted content to generate personas and route responses, so third‑party content could materially influence agent actions.