pp-fireflies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly syncs and pulls user-generated meeting transcripts from the Fireflies service (e.g., fireflies-pp-cli sync, transcripts pull, requires FIREFLIES_API_KEY and references app.fireflies.ai) and emits machine-readable --agent JSON (and can POST results via --deliver webhook:<url>), so untrusted third-party meeting content is ingested and can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running an external CLI by fetching and installing remote code at runtime (e.g., via npx -y @mvanhorn/printing-press or go install github.com/mvanhorn/printing-press-library/library/productivity/fireflies/cmd/fireflies-pp-cli@latest), which downloads and executes third‑party binaries that the skill depends on.