pp-allrecipes
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external binaries using `npx -y @mvanhorn/printing-press` and `go install github.com/mvanhorn/printing-press-library/...`. These commands download and execute code from third-party repositories (NPM and GitHub).
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag, which allows the agent to POST command output (which may include recipe data or local file contents) to an arbitrary external URL. This represents a potential exfiltration vector if the agent is manipulated into sending sensitive information.
- [COMMAND_EXECUTION]: The skill is designed to execute the `allrecipes-pp-cli` binary with high autonomy (using the `--agent` flag, which implies `--yes` and `--no-input`), allowing for extensive shell-based operations on the local system.
- [INDIRECT_PROMPT_INJECTION]: The tool fetches and processes external recipe data from Allrecipes.com and articles. This creates a surface for indirect prompt injection where malicious instructions embedded in recipe content could influence the agent's behavior during data processing or cookbook generation.
  - Ingestion points: Recipe pages and articles fetched via `recipes get`, `recipes search`, and `article <url>`.
  - Boundary markers: Not explicitly defined in the prompt instructions for data handling.
  - Capability inventory: The skill can execute shell commands via `allrecipes-pp-cli`, write files via the `--deliver file:<path>` sink, and perform network requests via the `webhook` sink.
  - Sanitization: No explicit sanitization or validation of the external recipe data is mentioned before it is rendered or compiled into cookbooks.
Audit Metadata