pp-printing-press-golden
Fail
Audited by Snyk on Jul 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs include an explicit malicious-looking domain (evil.example.com) and GitHub release/repo links that point to pre-built binaries/.mcpb bundles from small or fixture accounts (printing-press-golden / mvanhorn), which are common vectors for distributing executables — so the set looks suspicious and warrants caution before downloading or running anything.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Runtime LLM context can include free text from the live API response body (outsider-authored content) when commands run in
--data-source live/autoand--agentwraps the returned JSON into the agent-visibleresultsfield.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata