pp-airbnb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly scrapes public Airbnb SSR HTML pages and VRBO GraphQL endpoints (see "airbnb_listing get" — SSR HTML scrape and "vrbo_listing get" via GraphQL) and then uses that untrusted, user-provided third‑party content to extract hosts and derive direct-booking URLs (commands like cheapest, match, find-twin), so runtime behavior and agent decisions are driven by arbitrary third‑party web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent/user to fetch and run remote code at runtime via the installer commands (e.g., "npx -y @mvanhorn/printing-press install airbnb --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/travel/airbnb/cmd/airbnb-pp-cli@latest"), which download and execute external code and are required for the skill to run.