pp-apartments
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `apartments-pp-cli` and `apartments-pp-mcp` binaries from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and an NPM package (@mvanhorn/printing-press).
- [REMOTE_CODE_EXECUTION]: Executes code downloaded from remote repositories via `go install` and `npx`, and subsequently runs the installed binary to perform tasks.
- [COMMAND_EXECUTION]: The skill's primary mode of operation is generating and executing shell commands to interact with the local CLI tool for searching and analyzing listings.
- [DATA_EXFILTRATION]: Includes a functional capability (`--deliver webhook:<url>`) that allows the agent to send command outputs (which may include listing data or search results) to an arbitrary external URL.
- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection (Category 8) due to the following factors:
  - Ingestion points: Processes untrusted HTML data from external listing pages via the `listing` and `rentals` commands (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the prompt templates.
  - Capability inventory: The skill can execute subprocesses, write to files, and perform network POST requests via webhooks.
  - Sanitization: No documentation of sanitization or filtering of the external listing data is provided.
Audit Metadata