book-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public third‑party sources (Z-Library via scripts/Zlibrary.py and Anna's Archive via annas-mcp as described in SKILL.md and scripts/book.py), and the workflow requires the agent to read and present untrusted book metadata/descriptions and use those results to decide which files to download, so third‑party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's setup.sh can download and install the annas-mcp binary at runtime from https://github.com/iosifache/annas-mcp/releases/download/... which fetches a remote executable that the skill may run as a subprocess, i.e. it executes remote code required for the Anna's Archive backend.