pp-american-reindustrialization
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill drives a CLI that syncs and queries the public company directory and jobs board at americanreindustrialization.com (see "A read-only CLI for the company directory and jobs board at americanreindustrialization.com" and commands like whats-new, openings find, and live/local queries), so the agent ingests and acts on untrusted, public/user-generated content that could contain malicious instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires running "npx -y @mvanhorn/printing-press install american-reindustrialization --cli-only", which fetches and executes remote package code from the npm registry (e.g. https://registry.npmjs.org/@mvanhorn/printing-press), so a required installation step would execute remote code that can control the local CLI used by the agent.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata