printing-press-publish
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to execute system commands includinggit,gh(GitHub CLI), and theprinting-pressbinary. These operations are core to the skill's purpose of managing repository state and publishing code.\n- [EXTERNAL_DOWNLOADS]: The setup process inSKILL.mdmay trigger a download and installation of theprinting-pressbinary viago install github.com/mvanhorn/cli-printing-press/v4/cmd/printing-press@latest. This targets a repository owned by the skill's author.\n- [REMOTE_CODE_EXECUTION]: The validation step inSKILL.mdexecutesgo run golang.org/x/vuln/cmd/govulncheck@v1.3.0 ./..., which downloads and runs a security scanning tool from the official Go vulnerability database. This is a standard security practice for Go development.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests data from local CLI directories, such as.printing-press.jsonmanifests andREADME.mdfiles, and uses this content to populate pull request descriptions and novel feature tables.\n - Ingestion points: Reads metadata and documentation from local project directories via
printing-press library listand direct file reads as described inSKILL.md.\n - Boundary markers: Absent. The skill instructions describe direct interpolation of manifest fields and README excerpts into the PR body template.\n
- Capability inventory: The skill has broad capabilities including
Bash(git, gh, go, rm, cp),Write, andEdittool access as defined inSKILL.md.\n - Sanitization: Includes mandatory PII scrubbing and secret scanning (vendor-prefix tokens, gitleaks, trufflehog) to prevent data exposure, but does not specifically sanitize against malicious instructions in the input data that might influence the agent's PR generation logic.
Audit Metadata