pp-bandsintown

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH

EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool from a non-trusted repository (github.com/mvanhorn/printing-press-library) and a non-trusted package registry (@mvanhorn/printing-press).
  • [REMOTE_CODE_EXECUTION]: The installation process involves downloading and running code via npx and go install from sources that are not identified as trusted vendors.
  • [DATA_EXFILTRATION]: The CLI tool features a --deliver webhook:<url> argument that allows command output to be POSTed to any external URL, creating a potential path for data exfiltration.
  • [DATA_EXFILTRATION]: The feedback command is designed to send local data to a remote endpoint if the BANDSINTOWN_FEEDBACK_ENDPOINT environment variable is configured.
  • [COMMAND_EXECUTION]: The skill relies on executing the bandsintown-pp-cli binary to interact with the file system and network.
  • [PROMPT_INJECTION]: The skill ingests and processes data from external APIs (Bandsintown), which constitutes an attack surface for indirect prompt injection.
      • Ingestion points: API data processed by bandsintown-pp-cli (SKILL.md)
      • Boundary markers: None identified
      • Capability inventory: Shell command execution and arbitrary network POST requests via the webhook feature (SKILL.md)
      • Sanitization: No evidence of validation or sanitization of external API content
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 15, 2026, 10:58 PM