pp-beehiiv
Fail
Audited by Snyk on May 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs storing an access token by passing it literally to a CLI command (`beehiiv-pp-cli auth set-token YOUR_TOKEN_HERE`), which requires including secret values verbatim in commands/outputs and thus creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill runs beehiiv-pp-cli commands that fetch publication/posts/subscriber data from the Beehiiv service (e.g., "insights post-performance", "posts show", "subscriptions index") and instructs use of --agent/JSON output that the agent is expected to parse (see "Agent Mode" and "Direct Use"), meaning untrusted/user-generated third-party content is read and can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running remote code at runtime via "npx -y @mvanhorn/printing-press install beehiiv --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/marketing/beehiiv/cmd/beehiiv-pp-cli@latest", which fetches and executes external code and is a required dependency.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata