pp-ebay

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill issues commands that HTML-scrape public eBay pages (e.g., "listings — Active listing search (HTML scrape of /sch/i.html)" and "sold — Sold/completed listings (last 90 days, HTML scrape)"), ingests user-generated listing/sales content into its JSON .results for agent consumption, and uses that data to drive pricing/auction decisions and downstream actions (including webhook delivery), so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running remote code as a prerequisite (which an agent may perform at runtime), for example the Go install commands "go install github.com/mvanhorn/printing-press-library/library/commerce/ebay/cmd/ebay-pp-cli@latest" and "go install github.com/mvanhorn/printing-press-library/library/commerce/ebay/cmd/ebay-pp-mcp@latest", and the npx installer @mvanhorn/printing-press, all of which fetch and execute external code that the skill depends on.

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 11:54 PM
Issues: 2