story-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's story-researcher agent (references/templates/agents/story-researcher.md) explicitly uses a browser CDP and WebSearch/webReader to fetch and extract full pages from Google/Bing and arbitrary target URLs and returns structured research that the agents write into the project, meaning untrusted third‑party web content is ingested and can influence tool behavior and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The story-researcher agent explicitly uses CDP to navigate to and fetch live search/result pages at runtime (e.g., https://www.google.com/search?q={query} and https://www.bing.com/search?q={query}), pulling external page content into the agent's context and written reference files which can directly influence prompts/outputs.