pp-claude-agent-sdk-python-docs
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the '@mvanhorn' NPM registry scope and the 'github.com/mvanhorn' GitHub repository.
  - Evidence: `npx -y @mvanhorn/printing-press-library install claude-agent-sdk-python-docs --cli-only` and `go install github.com/mvanhorn/printing-press-library/library/developer-tools/claude-agent-sdk-python-docs/cmd/claude-agent-sdk-python-docs-pp-cli@latest`.
- [COMMAND_EXECUTION]: The skill executes the `claude-agent-sdk-python-docs-pp-cli` binary with user-supplied arguments via the Bash tool.
  - Evidence: The Direct Use section instructions for running `claude-agent-sdk-python-docs-pp-cli <command> [subcommand] [args] --agent`.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver webhook:<url>` feature and a `feedback` command that can POST data to a remote endpoint if the `CLAUDE_AGENT_SDK_PYTHON_DOCS_FEEDBACK_ENDPOINT` environment variable is set.
  - Evidence: Documentation for the `--deliver` flag supporting `webhook:<url>` and the `Agent Feedback` section.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its `verify` command, which ingests and processes untrusted local source code.
  - Ingestion points: The `verify` command scans directories such as `./src` for Python code.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided when the agent reviews code findings.
  - Capability inventory: The skill has the ability to execute shell commands and perform network requests via webhooks.
  - Sanitization: There is no evidence of sanitization or filtering of the source code being analyzed.
Audit Metadata