pp-apple-docs
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of external software from the '@mvanhorn/printing-press-library' package on npm and the 'github.com/mvanhorn' repository via Go.
- [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>argument, enabling it to send the results of any documentation query to an arbitrary external URL. This provides a mechanism for unauthorized data transmission if an agent is manipulated into supplying a malicious endpoint. - [DATA_EXFILTRATION]: The skill includes a feedback mechanism that can be configured via environment variables (
APPLE_DOCS_FEEDBACK_AUTO_SEND,APPLE_DOCS_FEEDBACK_ENDPOINT) to automatically transmit local data to a remote server. - [COMMAND_EXECUTION]: The skill relies on the execution of the
apple-docs-pp-clibinary to perform its tasks, including reading from the local filesystem and performing network operations. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by retrieving external data from Apple's documentation endpoints to provide context for the agent.
- Ingestion points: Retrieves DocC JSON content from public Apple developer endpoints using the
doc getcommand. - Boundary markers: No delimiters or safety instructions are defined to separate the external documentation content from the agent's core instructions.
- Capability inventory: The tool possesses file system write capabilities (
--deliver file:) and network transmission capabilities (--deliver webhook:,feedback). - Sanitization: There is no documented evidence that the skill sanitizes or filters the retrieved documentation content before presenting it to the agent's context.
Audit Metadata