pp-pypi
Warn
Audited by Snyk on May 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches live data from public PyPI sources (mentions "PyPI JSON API" and RSS commands like
pypi-pp-cli rss newest-packagesin SKILL.md), which are user-supplied/untrusted package metadata and release content that the agent is expected to read/parse (see the Agent Mode and "Parse .results" guidance), so third-party content could influence agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill directs operators/agents to run go install on remote repositories (e.g., github.com/mvanhorn/printing-press-library/library/developer-tools/pypi/cmd/pypi-pp-cli@latest and github.com/mvanhorn/printing-press-library/library/other/pypi-pp-cli/cmd/pypi-pp-mcp@latest), which fetches and builds remote code at install/runtime and is a required dependency for the skill to operate.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata