pp-delta-trip

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow executes the delta-trip-pp-cli binary in --agent mode, which can fetch trip, flight, and baggage data from external Delta-facing APIs and then inject the returned free-form text into the agent’s LLM context via the CLI’s JSON stdout/provenance envelope (outsider-authored content from third-party web/API responses).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running remote code at runtime via "npx -y @mvanhorn/printing-press-library install delta-trip --cli-only" and the Go module path "github.com/mvanhorn/printing-press-library/library/travel/delta-trip/cmd/delta-trip-pp-cli@latest"; both fetch and execute external code that the skill depends on.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Jun 22, 2026, 08:00 AM
  • Issues: 2