pp-american-reindustrialization
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the
american-reindustrializationCLI using thenpxutility from the NPM package registry. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>argument, enabling command output to be transmitted to arbitrary remote HTTP endpoints. - [DATA_EXFILTRATION]: Includes a
feedbackcommand that can transmit local data to a remote endpoint if theAMERICAN_REINDUSTRIALIZATION_FEEDBACK_ENDPOINTenvironment variable is set. - [COMMAND_EXECUTION]: Executes the
american-reindustrialization-pp-clibinary and uses shell commands for installation and verification. - [PROMPT_INJECTION]: The skill ingests untrusted data from the americanreindustrialization.com directory and jobs board.
- Ingestion points: Publicly sourced company profiles, job listings, and sector analytics in SKILL.md.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are used during data processing.
- Capability inventory: The agent can execute the CLI tool and perform filesystem operations via the
Read Bashtool. - Sanitization: No automated sanitization of external data is mentioned prior to processing.
Audit Metadata