pp-bandsintown
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool from a non-trusted repository (`github.com/mvanhorn/printing-press-library`) and a non-trusted package registry (`@mvanhorn/printing-press`).
- [REMOTE_CODE_EXECUTION]: The installation process involves downloading and running code via `npx` and `go install` from sources that are not identified as trusted vendors.
- [DATA_EXFILTRATION]: The CLI tool features a `--deliver webhook:<url>` argument that allows command output to be POSTed to any external URL, creating a potential path for data exfiltration.
- [DATA_EXFILTRATION]: The `feedback` command is designed to send local data to a remote endpoint if the `BANDSINTOWN_FEEDBACK_ENDPOINT` environment variable is configured.
- [COMMAND_EXECUTION]: The skill relies on executing the `bandsintown-pp-cli` binary to interact with the file system and network.
- [PROMPT_INJECTION]: The skill ingests and processes data from external APIs (Bandsintown), which constitutes an attack surface for indirect prompt injection.
  - Ingestion points: API data processed by `bandsintown-pp-cli` (SKILL.md)
  - Boundary markers: None identified
  - Capability inventory: Shell command execution and arbitrary network POST requests via the webhook feature (SKILL.md)
  - Sanitization: No evidence of validation or sanitization of external API content
Recommendations
- AI detected serious security threats
Audit Metadata