pp-movie-goat
Warn
Audited by Snyk on May 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches live data from public third‑party APIs (see "Auth Setup" requiring TMDB_API_KEY and optional OMDB_API_KEY) and returns those results to agents via commands like
ratings,discover, andtonight(with--agentJSON output), so untrusted/public content is ingested and can materially influence agent decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata