printing-press-polish
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install the printing-press binary from the author's GitHub repository (github.com/mvanhorn/cli-printing-press). This is a legitimate vendor resource used for the skill's core functionality.
- [REMOTE_CODE_EXECUTION]: The skill compiles project source code using go build and subsequently executes the binary to run diagnostic checks (verify, scorecard, dogfood). This is the intended behavior for a code-polishing utility.
- [DATA_EXFILTRATION]: Provides functionality to publish the polished project to the mvanhorn/printing-press-library by opening a GitHub Pull Request, which involves sending local source code to a remote repository.
- [COMMAND_EXECUTION]: Extensively uses shell commands to manage files, execute diagnostics, and interact with development tools like git, go, and the GitHub CLI (gh).
- [PROMPT_INJECTION]: Identified as having an indirect prompt injection surface (Category 8) because it ingests and processes data from external specifications and research manuscripts to generate code and documentation. This is a characteristic of the tool's data processing pipeline.
  - Ingestion points: SKILL.md (lines 142-148, 172-184) - Reads research.json and API specifications from the manuscripts directory.
  - Boundary markers: Absent in the analyzed instructions; the skill does not explicitly use delimiters to separate ingested data from agent instructions.
  - Capability inventory: SKILL.md (lines 280-330, 412-425) - Employs Write and Edit tools to modify source files, followed by compilation (go build) and execution of the resulting binary.
  - Sanitization: SKILL.md (lines 332-400) - Utilizes pii-audit and tools-audit to detect and mask sensitive information or improve quality before publication.
Audit Metadata