story-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's story-researcher agent (references/templates/agents/story-researcher.md) explicitly uses a browser CDP (agent-browser) to Google/Bing-search, navigate to arbitrary result links extracted from search-result DOM, and extract page text (document.body.innerText) with WebSearch/webReader as fallback, meaning it fetches and ingests untrusted public web content that can influence research outputs and downstream agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The story-researcher agent explicitly performs runtime browser navigation to search URLs (e.g. https://www.google.com/search?q={query} and https://www.bing.com/search?q={query}) and then extracts target page content into project files/agent context, so external web pages fetched at runtime can directly influence agent prompts and outputs.