pp-redfin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill drives the redfin-pp-cli to fetch and parse live Redfin/Stingray JSON (e.g., "homes" uses the Stingray /api/gis JSON endpoint and "listing" combines Stingray calls) and explicitly exposes --agent JSON output for agents to read and act on, so untrusted third‑party listing data from redfin.com is ingested and can influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs an agent to install and run a required CLI by fetching and executing remote code at runtime (e.g., npx -y @mvanhorn/printing-press install redfin --cli-only and go install github.com/mvanhorn/printing-press-library/library/other/redfin/cmd/redfin-pp-cli@latest), which clearly downloads and executes external code that the skill depends on.