pp-drudgereport
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). The required runtime workflow can fetch and parse outsider-authored public web content (Drudge’s live HTML page and an unofficial RSS feed mirror) via the CLI commands like
drudgereport-pp-cli page/feed/sync, and the parsed text/fields are then returned to the agent in JSON context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires installing the CLI via remote installers that fetch and run code at install time (e.g., "npx -y @mvanhorn/printing-press-library install drudgereport --cli-only" and "go install github.com/mvanhorn/printing-press-library/.../cmd/drudgereport-pp-cli@latest"), which are runtime-installation steps that fetch and execute remote code and are required for the skill to operate.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata