pp-alltrails

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the AllTrails CLI from the @mvanhorn NPM scope and the vendor's GitHub repository.
  • [DATA_EXFILTRATION]: Supports the --deliver webhook option which allows sending command output to external URLs and transmits feedback to a remote endpoint if configured.
  • [COMMAND_EXECUTION]: Executes the alltrails-pp-cli binary to perform map and trail operations.
  • [PROMPT_INJECTION]: 1. Ingestion points: User-provided strings in the 'which' command and direct arguments. 2. Boundary markers: No explicit delimiters for untrusted data. 3. Capability inventory: Uses the Bash tool to run the CLI. 4. Sanitization: No mentioned input validation before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 07:56 AM
Security Audit — agent-trust-hub — pp-alltrails