pp-cf-domain
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag, which allows the agent to transmit command results (potentially containing domain configurations or account metadata) to an arbitrary external URL via HTTP POST.
- [EXTERNAL_DOWNLOADS]: The installation process fetches software from external sources, specifically the `@mvanhorn/printing-press` package on NPM and the `github.com/mvanhorn/printing-press-library` repository on GitHub.
- [COMMAND_EXECUTION]: The skill requires executing shell commands for installation (`npx`, `go install`), configuration (`cf-domain-pp-cli auth`), and operational tasks, which involves running a binary locally on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes data from external Cloudflare APIs.
  - Ingestion points: Data enters the context via `domain-search` and `domain-check` commands in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded within the API responses.
  - Capability inventory: The skill can execute shell commands (`bash` tool), write to files via the `--deliver` flag, and perform network operations through the CLI's native API interactions and webhook feature.
  - Sanitization: There is no evidence of sanitization or validation of the content retrieved from the external API before it is processed by the agent.
Audit Metadata