pp-defillama

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required workflow is executing the local defillama-pp-cli binary with --agent, which returns DefiLlama data (API responses) as JSON/prose into the agent context; this is outsider-authored free text/data fetched at runtime from DefiLlama’s public service rather than user-authored content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to "Read https://raw.githubusercontent.com/DefiLlama/defillama-skills/refs/heads/master/defillama-setup/SKILL.md and follow the instructions" (injecting remote doc content into the agent's context), and its setup commands (e.g., npx -y @mvanhorn/printing-press-library install defillama --cli-only and go install github.com/mvanhorn/printing-press-library/library/other/defillama/cmd/defillama-pp-cli@latest) fetch and execute remote code required for the CLI, so external content can directly control prompts or execute code at runtime.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 07:50 PM
Issues
2
Security Audit — snyk — pp-defillama