pp-metacritic
Fail
Audited by Snyk on Jun 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This prompt includes explicit examples that embed an API key in CLI arguments (e.g.,
--api-key your-token-here) and instructs exporting METACRITIC_API_KEY or saving keys in profiles, which can cause an agent to include user secrets verbatim in commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill is a read-only Metacritic “Printing Press CLI” that fetches public web content from Metacritic’s backend (e.g., title detail, reviews, search) at runtime; those responses are ingested as readable JSON/text into the agent’s LLM context via the CLI’s
--agent/--jsonstdout output.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's setup requires running remote-install commands that fetch and execute code at runtime — e.g., "npx -y @mvanhorn/printing-press-library install metacritic --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/media-and-entertainment/metacritic/cmd/metacritic-pp-cli@latest" — which are external runtime dependencies that execute remote code.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata