pp-american-reindustrialization

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the american-reindustrialization CLI using the npx utility from the NPM package registry.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> argument, enabling command output to be transmitted to arbitrary remote HTTP endpoints.
  • [DATA_EXFILTRATION]: Includes a feedback command that can transmit local data to a remote endpoint if the AMERICAN_REINDUSTRIALIZATION_FEEDBACK_ENDPOINT environment variable is set.
  • [COMMAND_EXECUTION]: Executes the american-reindustrialization-pp-cli binary and uses shell commands for installation and verification.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the americanreindustrialization.com directory and jobs board.
  • Ingestion points: Publicly sourced company profiles, job listings, and sector analytics in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used during data processing.
  • Capability inventory: The agent can execute the CLI tool and perform filesystem operations via the Read Bash tool.
  • Sanitization: No automated sanitization of external data is mentioned prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:27 PM
Security Audit — agent-trust-hub — pp-american-reindustrialization