printing-press-amend
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various shell commands, including Git operations, GitHub CLI commands, and the printing-press binary for validating code and discovering API endpoints.
- [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the printing-press binary from the author's GitHub repository (github.com/mvanhorn/cli-printing-press) if it is not already present on the system.
- [DATA_EXFILTRATION]: The skill accesses local session transcripts in ~/.claude/projects/ to extract friction signals. This data ingestion is balanced by a comprehensive PII scrubbing workflow that redacts credentials, entity names, and emails before any information is included in a public pull request. Two 'User-in-Loop' checkpoints are required to confirm the scope and the final PR content.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from session transcripts which could contain adversarial content. The risk is mitigated by summarizing findings into a structured list that the user must manually approve before the agent takes further action.
Audit Metadata