pp-autotempest

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documents the use of a --deliver webhook:<url> flag, which allows the CLI tool to POST command output (JSON or NDJSON) to an arbitrary external URL. This represents a network egress surface that can be used to transmit data processed by the agent to remote servers.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes car listing data (titles, descriptions, and metadata) from various third-party marketplaces.
      • Ingestion points: The find, drops, and auctions commands fetch live results from external car marketplaces.
      • Boundary markers: While the CLI uses a JSON envelope to separate results from metadata, the agent must still parse and interpret the external content.
      • Capability inventory: The skill has the Bash tool allowed, permitting it to execute CLI commands and interact with the file system.
      • Sanitization: No explicit sanitization or filtering of the listing content is mentioned prior to agent processing.
  • [EXTERNAL_DOWNLOADS]: The skill instructions provide methods to download and install its core binaries from github.com/mvanhorn and the @mvanhorn NPM scope. These are identified as vendor-owned resources.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands for installation and operation. It manages a local SQLite database for car listings and a local feedback log (~/.local/share/autotempest-pp-cli/feedback.jsonl).
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 06:24 AM