pp-pypi

Warn

Audited by Snyk on May 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches live data from public PyPI sources (mentions "PyPI JSON API" and RSS commands like pypi-pp-cli rss newest-packages in SKILL.md), which are user-supplied/untrusted package metadata and release content that the agent is expected to read/parse (see the Agent Mode and "Parse .results" guidance), so third-party content could influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill directs operators/agents to run go install on remote repositories (e.g., github.com/mvanhorn/printing-press-library/library/developer-tools/pypi/cmd/pypi-pp-cli@latest and github.com/mvanhorn/printing-press-library/library/other/pypi-pp-cli/cmd/pypi-pp-mcp@latest), which fetches and builds remote code at install/runtime and is a required dependency for the skill to operate.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 23, 2026, 03:18 AM
Issues
2
Security Audit — snyk — pp-pypi