book-writer

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill includes a MaterialSearcher (scripts/material_searcher.py), and SKILL.md/config.yaml explicitly require GOOGLE_CSE_ID/GOOGLE_API_KEY to perform Google Custom Search and download images/code/snippets from public websites. Untrusted third-party web content is therefore fetched and intended to be consumed and incorporated into generated book content, so it could carry instructions that influence generation.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 18, 2026, 01:02 AM
Issues: 1