pp-trigger-dev
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external executable binaries using `go install` from a GitHub repository (github.com/mvanhorn/printing-press-library) and via `npx` from the NPM registry (@mvanhorn/printing-press). These resources originate from the skill's author/vendor.
- [COMMAND_EXECUTION]: The skill is designed to drive a local binary (`trigger-dev-pp-cli`) via shell commands to perform various management tasks. It requests the `Read Bash` tool to execute these operations, including real-time monitoring and database syncing.
- [DATA_EXFILTRATION]: The CLI tool provides a built-in `--deliver webhook:<url>` flag that allows the agent to POST command output (which may contain sensitive information like environment variable diffs or run data) to an arbitrary external URL. This represents a potential data exfiltration vector if not carefully managed.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided strings into shell commands for searching runs, querying capabilities, and recording feedback.
  - Ingestion points: User queries for the `runs find` command, the `which` discovery command, and text provided to the `feedback` command.
  - Boundary markers: None identified; user input is passed directly as arguments to the CLI tool.
  - Capability inventory: The skill uses `Read Bash` to execute shell commands with the interpolated input.
  - Sanitization: No explicit sanitization or escaping of the user-provided arguments is described in the instructions.
Audit Metadata