pp-setlist-fm

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill documents authentication via an environment variable (safe) but also explicitly instructs using a CLI subcommand that takes the API token as a direct command-line argument (setlist-fm-pp-cli auth set-token <key>), which would require the LLM/agent to handle and emit the secret verbatim—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow executes setlist-fm-pp-cli with --agent, which fetches setlist/artist/user data from the setlist.fm API (outsider-authored public web content) and returns it as JSON into the agent’s LLM context via stdout.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite install steps fetch and execute remote code at runtime (via npx -y @mvanhorn/printing-press-library install setlist-fm and go install github.com/mvanhorn/printing-press-library/library/media-and-entertainment/setlist-fm/cmd/setlist-fm-pp-cli@latest), so external repositories are run as required dependencies.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 04:58 AM
Issues
3
Security Audit — snyk — pp-setlist-fm