pp-ebay
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill issues commands that HTML-scrape public eBay pages (e.g., "listings — Active listing search (HTML scrape of /sch/i.html)" and "sold — Sold/completed listings (last 90 days, HTML scrape)"), ingests user-generated listing/sales content into its JSON .results for agent consumption, and uses that data to drive pricing/auction decisions and downstream actions (including webhook delivery), so untrusted third-party content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running remote code as a prerequisite (which an agent may perform at runtime), e.g. the Go installs "go install github.com/mvanhorn/printing-press-library/library/commerce/ebay/cmd/ebay-pp-cli@latest" and "go install github.com/mvanhorn/printing-press-library/library/commerce/ebay/cmd/ebay-pp-mcp@latest" (and the npx installer @mvanhorn/printing-press), which fetch and execute external code that the skill depends on.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).