pp-learn-loop-example

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions recommend installing the CLI using npx -y @mvanhorn/printing-press-library install learn-loop-example, which fetches content from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The installation process involves executing code from the @mvanhorn/printing-press-library package using npx.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands for resource management. Additionally, the 'playbook' system instructs the agent to replay a sequence of stored CLI commands to fulfill user requests.
  • [PROMPT_INJECTION]: The 'Self-learning loop' exposes an indirect prompt injection surface (Category 8) by instructing the agent to treat stored, potentially user-influenced data as authoritative guidance.
  • Ingestion points: The agent retrieves data and instructions from a local SQLite database via the recall command (e.g., Playbook.steps and Notes).
  • Boundary markers: The instructions do not provide boundary markers or warnings to isolate or ignore malicious instructions that might be embedded in the recalled content.
  • Capability inventory: The agent has permissions to execute arbitrary bash commands (Read Bash tool) and can send data to external webhooks using the CLI's --deliver flag.
  • Sanitization: There is no mechanism described for sanitizing or validating the 'recalled' playbooks or notes before the agent is instructed to treat them as 'ground truth' and 'replay the steps.'
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 04:52 AM
Security Audit — agent-trust-hub — pp-learn-loop-example