oh-story-claudecode-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to scrape and analyze public ranking pages and competitor chapters from third‑party platforms (起点, 番茄, 晋江, 知乎盐言) via the /browser-cdp workflow and /story-long-analyze (paste/fetch chapters), which means it ingests untrusted user-generated web content that can materially influence its writing and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill instructs users/agents to install code from the external repository https://github.com/worldwonderer/oh-story-claudecode (via Claude Code/OpenClaw or npx skills add), which at install/runtime fetches and loads remote skill code that directly controls agent prompts and behavior.