pp-archive-is

Warn

Audited by Snyk on May 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the CLI's "read", "get", and "tldr" commands fetch article text from public archive services (archive.today and the Wayback Machine) and Agent Mode emits structured "next_actions" based on that fetched content, so untrusted webpage content can be read and directly influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime fetches from archive.today (archive.is) and the Wayback Machine (e.g., web.archive.org) — e.g., read/get/save submit/lookup flows that return raw page/article text into the agent context (via read/get/tldr), so remote content from these URLs can directly influence model prompts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 23, 2026, 09:47 PM
Issues
2
Security Audit — snyk — pp-archive-is