pp-cf-domain

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, which allows the agent to transmit command results (potentially containing domain configurations or account metadata) to an arbitrary external URL via HTTP POST.
  • [EXTERNAL_DOWNLOADS]: The installation process fetches software from external sources, specifically the @mvanhorn/printing-press package on NPM and the github.com/mvanhorn/printing-press-library repository on GitHub.
  • [COMMAND_EXECUTION]: The skill requires executing shell commands for installation (npx, go install), configuration (cf-domain-pp-cli auth), and operational tasks, which involves running a binary locally on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data returned by external Cloudflare APIs.
    ◦ Ingestion points: Data enters the agent's context via the domain-search and domain-check commands described in SKILL.md.
    ◦ Boundary markers: No explicit delimiters or instructions tell the agent to ignore instructions embedded within the API responses.
    ◦ Capability inventory: The skill can execute shell commands (bash tool), write to files via the --deliver flag, and perform network operations through the CLI's native API interactions and its webhook feature.
    ◦ Sanitization: There is no evidence that content retrieved from the external API is sanitized or validated before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 03:51 PM
Security Audit — agent-trust-hub — pp-cf-domain