pp-context-dev

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading a command-line interface from vendor-controlled repositories.
      • Fetches the @mvanhorn/printing-press-library package via npx for installation.
      • Downloads and compiles the context-dev-pp-cli binary from the vendor's GitHub repository (github.com/mvanhorn/printing-press-library) using go install.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the context-dev-pp-cli tool to perform web intelligence tasks.
      • Provides an extensive command reference for scraping, crawling, and data extraction based on user-provided arguments.
  • [DATA_EXFILTRATION]: The tool includes built-in functionality to transmit data to external network endpoints.
      • The --deliver webhook:<url> parameter allows the agent to POST command results or scraped data to arbitrary external URLs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted web content.
      • Ingestion points: Ingests external data via scraping and crawling subcommands (SKILL.md).
      • Boundary markers: No explicit instructions are provided to the agent to treat scraped website content as untrusted or to ignore embedded instructions within that content.
      • Capability inventory: The agent can perform network operations (scraping and webhooks), write files, and execute CLI commands.
      • Sanitization: While the tool converts content to Markdown or JSON, there is no evidence of filtering to remove potential malicious instructions hidden in the source data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 25, 2026, 04:56 PM