pp-robinhood

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill includes examples that instruct embedding API keys and a base64 private key directly into code and shows export commands with plaintext placeholders, which creates a pattern where an agent might be expected to accept and output secrets verbatim (high exfiltration risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires installing the CLI using a remote installer that will fetch and execute code at runtime (e.g., "npx -y @mvanhorn/printing-press-library install robinhood --cli-only" and the fallback "go install github.com/mvanhorn/printing-press-library/library/payments/robinhood/cmd/robinhood-pp-cli@latest"), which are runtime external installs that download and run remote code and are required for the skill to function.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Robinhood trading/crypto CLI and includes concrete, writable financial actions: placing and cancelling crypto orders (post-trading-order / trading-orders-post / place_order), placing and cancelling brokerage equity and options orders (brokerage orders place, brokerage options place, cancel), and listing/creating transfers (deposits & withdrawals). It documents authentication with API keys/private keys and shows code that signs and POSTs order requests. While writes default to dry-run, the docs provide the exact gate (ROBINHOOD_PP_ALLOW_WRITES=1 and --live-write) required to perform live mutations. These are specific payment/trading APIs (crypto and brokerage) intended to move funds/execute trades, so this grants direct financial execution capability.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 03:50 AM
Issues
4
Security Audit — snyk — pp-robinhood