correction to minilock pseudocode:

encrypted_file = hash(encrypt(file, file_key =  random(), file_nonce = random())

{ephemeral: ephemeral.public, {
  (nonce = random(): encrypt({
     sender: sender.public,
     recipient: recipient.public,
     file: encrypt({
       key: file_key, nonce: file_nonce,
       hash: hash(encrypted_file)
     }, recipient.public, sender.private, nonce)
  }, recipient.public, ephemeral.private, nonce)
)*}

since the recipient is already in the file information, it already has protection against Surreptitious Forwarding.