pp-airframe
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes various shell commands to perform aircraft lookups and manage system health.
- The skill instructs the agent to run the 'airframe-pp-cli' tool for aircraft dossiers, owner lookups, and event research.
- It includes logic for the agent to detect the operating system and propose the use of system package managers (e.g., 'brew', 'apt', 'dnf', 'yay') for installing dependencies.
- The instructions explicitly include the use of 'sudo' for package installation on Linux distributions (e.g., 'sudo apt update && sudo apt install -y mdbtools').
- [EXTERNAL_DOWNLOADS]: Fetches external datasets and resources required for aviation forensics.
- Downloads approximately 80 MB from the FAA Aircraft Registry and 90 MB from the NTSB CAROL accident database during the sync process.
- Instructs the installation of CLI tools from the vendor's GitHub repository and npm registry.
- [REMOTE_CODE_EXECUTION]: Provides methods for downloading and executing executable code during setup.
- Recommends installation via npm/npx using the vendor-specific package '@mvanhorn/printing-press'.
- Provides a fallback installation method using 'go install' targeting the author's GitHub repository ('github.com/mvanhorn/printing-press-library').
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the aviation data it ingests.
- Ingestion points: Aircraft registry data, owner information, and accident history records retrieved from FAA/NTSB databases via the 'airframe-pp-cli' tool.
- Boundary markers: The instructions do not define boundary markers or 'ignore' instructions for the agent when processing tool output.
- Capability inventory: The skill possesses capabilities for reading files ('Read Bash'), executing system commands with 'sudo', and performing network operations via the CLI tool's sync function.
- Sanitization: No explicit sanitization or filtering of external aviation records is specified before the data is processed by the agent.
Audit Metadata