printing-press-amend

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various shell commands, including Git operations, GitHub CLI commands, and the printing-press binary for validating code and discovering API endpoints.
  • [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the printing-press binary from the author's GitHub repository (github.com/mvanhorn/cli-printing-press) if it is not already present on the system.
  • [DATA_EXFILTRATION]: The skill accesses local session transcripts in ~/.claude/projects/ to extract friction signals. This data ingestion is balanced by a comprehensive PII scrubbing workflow that redacts credentials, entity names, and emails before any information is included in a public pull request. Two 'User-in-Loop' checkpoints are required to confirm the scope and the final PR content.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from session transcripts which could contain adversarial content. The risk is mitigated by summarizing findings into a structured list that the user must manually approve before the agent takes further action.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 09:42 PM
Security Audit — agent-trust-hub — printing-press-amend