pp-autotempest
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill documents the use of a `--deliver webhook:<url>` flag, which allows the CLI tool to POST command output (JSON or NDJSON) to an arbitrary external URL. This represents a network egress surface that can be used to transmit data processed by the agent to remote servers.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes car listing data (titles, descriptions, and metadata) from various third-party marketplaces.
  - Ingestion points: The `find`, `drops`, and `auctions` commands fetch live results from external car marketplaces.
  - Boundary markers: While the CLI uses a JSON envelope to separate results from metadata, the agent must still parse and interpret the external content.
  - Capability inventory: The skill has the `Bash` tool allowed, permitting it to execute CLI commands and interact with the file system.
  - Sanitization: No explicit sanitization or filtering of the listing content is mentioned prior to agent processing.
- [EXTERNAL_DOWNLOADS]: The skill instructions provide methods to download and install its core binaries from `github.com/mvanhorn` and the `@mvanhorn` NPM scope. These are identified as vendor-owned resources.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands for installation and operation. It manages a local SQLite database for car listings and a local feedback log (`~/.local/share/autotempest-pp-cli/feedback.jsonl`).
Audit Metadata