zlib-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically queries and ingests untrusted public content from Z-Library (scripts/Zlibrary.py calls the 1lib.sk EAPI endpoints) and Anna's Archive (scripts/book.py invokes annas-mcp and parses its plaintext output), and those search results/metadata are parsed and used by the workflow to decide which books to present and download, allowing third-party content to materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup script (scripts/setup.sh) fetches and installs a third‑party binary from the GitHub releases URL (https://github.com/iosifache/annas-mcp/releases/download/${ANNAS_VERSION}/${filename}), and the skill later executes that annas-mcp binary via subprocess, so runtime behavior includes downloading and running remote code.