pp-apple-docs

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install external software from the '@mvanhorn/printing-press-library' package on npm and from the 'github.com/mvanhorn' repository via Go.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> argument, enabling it to send the results of any documentation query to an arbitrary external URL. This provides a mechanism for unauthorized data transmission if an agent is manipulated into supplying a malicious endpoint.
  • [DATA_EXFILTRATION]: The skill includes a feedback mechanism that can be configured via environment variables (APPLE_DOCS_FEEDBACK_AUTO_SEND, APPLE_DOCS_FEEDBACK_ENDPOINT) to automatically transmit local data to a remote server.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the apple-docs-pp-cli binary to perform its tasks, including reading from the local filesystem and performing network operations.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by retrieving external data from Apple's documentation endpoints to provide context for the agent.
      • Ingestion points: Retrieves DocC JSON content from public Apple developer endpoints using the doc get command.
      • Boundary markers: No delimiters or safety instructions are defined to separate the external documentation content from the agent's core instructions.
      • Capability inventory: The tool possesses file system write capabilities (--deliver file:) and network transmission capabilities (--deliver webhook:, feedback).
      • Sanitization: There is no documented evidence that the skill sanitizes or filters the retrieved documentation content before presenting it to the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 29, 2026, 07:35 AM