pp-claude-agent-sdk-python-docs

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUM
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the '@mvanhorn' NPM registry scope and the 'github.com/mvanhorn' GitHub repository.
  • Evidence: npx -y @mvanhorn/printing-press-library install claude-agent-sdk-python-docs --cli-only and go install github.com/mvanhorn/printing-press-library/library/developer-tools/claude-agent-sdk-python-docs/cmd/claude-agent-sdk-python-docs-pp-cli@latest.
  • [COMMAND_EXECUTION]: The skill executes the claude-agent-sdk-python-docs-pp-cli binary with user-supplied arguments via the Bash tool.
  • Evidence: The Direct Use section instructions for running claude-agent-sdk-python-docs-pp-cli <command> [subcommand] [args] --agent.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature and a feedback command that can POST data to a remote endpoint if the CLAUDE_AGENT_SDK_PYTHON_DOCS_FEEDBACK_ENDPOINT environment variable is set.
  • Evidence: Documentation for the --deliver flag supporting webhook:<url> and the Agent Feedback section.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its verify command, which ingests and processes untrusted local source code.
  • Ingestion points: The verify command scans directories such as ./src for Python code.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided when the agent reviews code findings.
  • Capability inventory: The skill has the ability to execute shell commands and perform network requests via webhooks.
  • Sanitization: There is no evidence of sanitization or filtering of the source code being analyzed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 23, 2026, 08:18 PM
Security Audit — agent-trust-hub — pp-claude-agent-sdk-python-docs