pp-pypi
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs the agent to query live PyPI public endpoints (e.g., "PyPI JSON API", and commands like pypi-pp-cli rss newest-packages / rss recent-updates) and to parse .results as part of the agent workflow, which means untrusted, user-generated package metadata and RSS content from the open web will be ingested and can influence subsequent agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires fetching and installing remote executables at runtime (via "npx -y @mvanhorn/printing-press install pypi --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/developer-tools/pypi/cmd/pypi-pp-cli@latest"), which downloads and installs code from external sources (GitHub/npm) that will be executed and are required for the skill to run.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).