printing-press-publish

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute system commands including git, gh (GitHub CLI), and the printing-press binary. These operations are core to the skill's purpose of managing repository state and publishing code.
  • [EXTERNAL_DOWNLOADS]: The setup process in SKILL.md may trigger a download and installation of the printing-press binary via go install github.com/mvanhorn/cli-printing-press/v4/cmd/printing-press@latest. This targets a repository owned by the skill's author.
  • [REMOTE_CODE_EXECUTION]: The validation step in SKILL.md executes go run golang.org/x/vuln/cmd/govulncheck@v1.3.0 ./..., which downloads and runs a security scanning tool from the official Go vulnerability database. This is a standard security practice for Go development.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests data from local CLI directories, such as .printing-press.json manifests and README.md files, and uses this content to populate pull request descriptions and novel feature tables.
      • Ingestion points: Reads metadata and documentation from local project directories via printing-press library list and direct file reads as described in SKILL.md.
      • Boundary markers: Absent. The skill instructions describe direct interpolation of manifest fields and README excerpts into the PR body template.
      • Capability inventory: The skill has broad capabilities including Bash (git, gh, go, rm, cp), Write, and Edit tool access as defined in SKILL.md.
      • Sanitization: Includes mandatory PII scrubbing and secret scanning (vendor-prefix tokens, gitleaks, trufflehog) to prevent data exposure, but does not specifically sanitize against malicious instructions in the input data that might influence the agent's PR generation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 08:21 PM
Security Audit — agent-trust-hub — printing-press-publish