pp-intervals-icu
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill is a CLI wrapper around the intervals.icu REST API; at runtime, commands like
sync,form,since, andcurve comparefetch user-related activity/wellness/workout data from the intervals.icu service (outsider-authored content) and then return it as readable JSON/prose into the agent’s context via--agent/stdout.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running a remote CLI that is fetched-and-executed during setup/runtime (e.g., the npx package @mvanhorn/printing-press-library and the Go module URL github.com/mvanhorn/printing-press-library/library/other/intervals-icu/cmd/intervals-icu-pp-cli@latest), so these external sources supply and execute code the skill depends on.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata