pp-setlist-fm
Fail
Audited by Snyk on Jun 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill documents authentication via an environment variable (safe) but also explicitly instructs using a CLI subcommand that takes the API token as a direct command-line argument (
setlist-fm-pp-cli auth set-token <key>), which would require the LLM/agent to handle and emit the secret verbatim—an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow executes
setlist-fm-pp-cliwith--agent, which fetches setlist/artist/user data from the setlist.fm API (outsider-authored public web content) and returns it as JSON into the agent’s LLM context via stdout.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite install steps fetch and execute remote code at runtime (via npx -y @mvanhorn/printing-press-library install setlist-fm and go install github.com/mvanhorn/printing-press-library/library/media-and-entertainment/setlist-fm/cmd/setlist-fm-pp-cli@latest), so external repositories are run as required dependencies.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata