pp-archive-is

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions to download and install executable code from external registries.
  • Uses npx to install the @mvanhorn/printing-press package from the NPM registry.
  • Uses go install to download and compile the archive-is-pp-cli tool directly from a GitHub repository.
  • [COMMAND_EXECUTION]: The skill is built around the execution of a local binary (archive-is-pp-cli) to perform web archival and retrieval operations.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver flag that allows the agent to route the output of its operations to arbitrary external webhooks or local file paths.
  • This feature enables the transfer of retrieved article text or metadata to third-party network endpoints, which could be misused to exfiltrate data if a malicious destination is provided.
  • [PROMPT_INJECTION]: The skill ingests and processes data from external sources, creating a risk of indirect prompt injection.
  • Ingestion points: The tool fetches article text and HTML from third-party archive backends (archive.today and the Wayback Machine) based on user-provided URLs.
  • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions that might be embedded in the archived content.
  • Capability inventory: The agent has the ability to write to the local file system and perform network requests via the CLI's --deliver and feedback features.
  • Sanitization: The skill does not describe any sanitization or filtering of the fetched content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 09:47 PM
Security Audit — agent-trust-hub — pp-archive-is