pp-defillama
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required workflow is executing the local
defillama-pp-clibinary with--agent, which returns DefiLlama data (API responses) as JSON/prose into the agent context; this is outsider-authored free text/data fetched at runtime from DefiLlama’s public service rather than user-authored content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to "Read https://raw.githubusercontent.com/DefiLlama/defillama-skills/refs/heads/master/defillama-setup/SKILL.md and follow the instructions" (injecting remote doc content into the agent's context), and its setup commands (e.g.,
npx -y @mvanhorn/printing-press-library install defillama --cli-onlyandgo install github.com/mvanhorn/printing-press-library/library/other/defillama/cmd/defillama-pp-cli@latest) fetch and execute remote code required for the CLI, so external content can directly control prompts or execute code at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata