story-long-write
Warn
Audited by Snyk on May 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to load and act on external/untrusted materials—e.g., Phase 4 step 2 reads "对标/{书名}/原文/第{N}章_*.md" (which may be imported via story-long-analyze) and also spawns a story-researcher agent to search external facts and write to references/; these steps require ingesting public/user-provided web or book content and using it to guide agent decisions and tool use.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).