pp-apartments

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the apartments-pp-cli and apartments-pp-mcp binaries from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and an NPM package (@mvanhorn/printing-press).
  • [REMOTE_CODE_EXECUTION]: Executes code downloaded from remote repositories via go install and npx, and subsequently runs the installed binary to perform tasks.
  • [COMMAND_EXECUTION]: The skill's primary mode of operation is generating and executing shell commands to interact with the local CLI tool for searching and analyzing listings.
  • [DATA_EXFILTRATION]: Includes a functional capability (--deliver webhook:<url>) that allows the agent to send command outputs (which may include listing data or search results) to an arbitrary external URL.
  • [PROMPT_INJECTION]: Presents a surface for indirect prompt injection (Category 8) due to the following factors:
    • Ingestion points: Processes untrusted HTML data from external listing pages via the listing and rentals commands (SKILL.md).
    • Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the prompt templates.
    • Capability inventory: The skill can execute subprocesses, write to files, and perform network POST requests via webhooks.
    • Sanitization: No documentation of sanitization or filtering of the external listing data is provided.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 06:01 PM
Security Audit — agent-trust-hub — pp-apartments