pp-seats-aero
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing external software via `npx -y @mvanhorn/printing-press` and `go install github.com/mvanhorn/printing-press-library/...`. While these are vendor-provided resources, they originate from an author not on the trusted vendors list.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag, which allows redirecting command output (including travel availability and trip revalidation details) to arbitrary remote endpoints. This creates a risk of data exfiltration if the agent is directed to use a malicious URL.
- [COMMAND_EXECUTION]: The skill executes the `seats-aero-pp-cli` binary through shell commands. While used for legitimate search tasks, arbitrary argument injection could pose a risk if not properly handled by the underlying tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external APIs and possesses high-privilege capabilities such as file system and network write access.
  - Ingestion points: Data is ingested from the Seats.aero Partner API through the `availability`, `routes`, and `trips` commands (SKILL.md).
  - Boundary markers: No delimiters are specified to protect the agent context from potentially malicious instructions embedded in the API responses.
  - Capability inventory: Shell command execution, network POST requests (`--deliver webhook:<url>`), and local file writes (`--deliver file:<path>`).
  - Sanitization: There is no documented validation or sanitization of data returned from the API before it is processed by the agent.
Audit Metadata