pp-loopnet

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs pasting a browser "Cookie" header into a CLI command (loopnet-pp-cli auth set --cookies ""), which requires the LLM/agent to emit secret clearance cookies verbatim in commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill invokes loopnet-pp-cli to fetch LoopNet listing/inventory pages (e.g., via inventory, property, sync), and those pages include outsider-authored free text (listing descriptions and other user-submitted content) that the CLI parses and returns as JSON/fields into the agent’s LLM context.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 28, 2026, 09:03 AM
Issues
2
Security Audit — snyk — pp-loopnet