pp-podscan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows an insecure pattern—podscan-pp-cli auth set-token YOUR_TOKEN_HERE—which instructs embedding an access token as a command-line argument (requiring the agent to include the secret verbatim), even though an environment-variable alternative is mentioned.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly drives the podscan-pp-cli to query the Podscan REST API (notably "search 51M+ podcast episodes" and the "episodes search" command that returns transcripts) and instructs agents to parse the .results in Agent Mode and optionally deliver outputs (e.g., webhook), meaning the agent will ingest untrusted, user-generated podcast content from the open web that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running remote code at runtime via the Printing Press installer (npx -y @mvanhorn/printing-press install podscan --cli-only) or by fetching and building a Go module (go install github.com/mvanhorn/printing-press-library/library/media-and-entertainment/podscan/cmd/podscan-pp-cli@latest), which downloads and executes third-party code that the skill depends on.