pp-alltrails
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the AllTrails CLI from the @mvanhorn NPM scope and the vendor's GitHub repository.
- [DATA_EXFILTRATION]: Supports the --deliver webhook option which allows sending command output to external URLs and transmits feedback to a remote endpoint if configured.
- [COMMAND_EXECUTION]: Executes the alltrails-pp-cli binary to perform map and trail operations.
- [PROMPT_INJECTION]: 1. Ingestion points: User-provided strings in the 'which' command and direct arguments. 2. Boundary markers: No explicit delimiters for untrusted data. 3. Capability inventory: Uses the Bash tool to run the CLI. 4. Sanitization: No mentioned input validation before execution.
Audit Metadata