pp-drudgereport

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). The required runtime workflow can fetch and parse outsider-authored public web content (Drudge’s live HTML page and an unofficial RSS feed mirror) via the CLI commands like drudgereport-pp-cli page / feed / sync, and the parsed text/fields are then returned to the agent in JSON context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires installing the CLI via remote installers that fetch and run code at install time (e.g., "npx -y @mvanhorn/printing-press-library install drudgereport --cli-only" and "go install github.com/mvanhorn/printing-press-library/.../cmd/drudgereport-pp-cli@latest"), which are runtime-installation steps that fetch and execute remote code and are required for the skill to operate.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 02:33 AM
Issues
2
Security Audit — snyk — pp-drudgereport