pp-apartments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses live HTML from the public Apartments.com website (see commands like apartments-pp-cli listing, rentals, and sync-search in SKILL.md), so the agent will ingest untrusted third‑party web content which can influence its decisions and follow‑up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running remote code at runtime (via npx -y @mvanhorn/printing-press and go install of GitHub repos), e.g. github.com/mvanhorn/printing-press-library/library/other/apartments/cmd/apartments-pp-cli@latest and github.com/mvanhorn/printing-press-library/library/other/apartments/cmd/apartments-pp-mcp@latest, which fetches and executes external code that the skill depends on.