pp-delta-trip
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The required runtime workflow is executing the
delta-trip-pp-clibinary in--agentmode, which can fetch trip/flight/baggage data from external Delta-facing APIs and then inject that returned free-form text into the agent’s LLM context via the CLI’s JSON stdout/provenance envelope (outsider-authored content from third-party web/API responses).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running remote code at runtime via "npx -y @mvanhorn/printing-press-library install delta-trip --cli-only" and the Go module path "github.com/mvanhorn/printing-press-library/library/travel/delta-trip/cmd/delta-trip-pp-cli@latest", which fetches and executes external code that the skill depends on.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata