pp-apartments
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and metadata guide the installation of CLI tools from the vendor's GitHub repository and NPM organization. Evidence includes `go install github.com/mvanhorn/printing-press-library/library/other/apartments/cmd/apartments-pp-cli@latest` and `npx -y @mvanhorn/printing-press`.
- [DATA_EXFILTRATION]: The CLI includes built-in features that allow for the transmission of data to external endpoints. The `--deliver webhook:<url>` flag enables the delivery of command output to arbitrary HTTP destinations, and the `feedback` command can POST local data to a remote server defined by the `APARTMENTS_FEEDBACK_ENDPOINT` environment variable.
- [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by ingesting and processing untrusted HTML content from the web.
  - Ingestion points: The `rentals` and `listing` commands fetch and parse remote HTML from Apartments.com.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded in the scraped content.
  - Capability inventory: The agent can execute bash commands and perform network operations via the CLI.
  - Sanitization: No sanitization or filtering of the extracted web content is documented.
Audit Metadata