pp-craigslist
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install external binaries and packages from the author's infrastructure.
  - Fetches the `@mvanhorn/printing-press` package via `npx` from the NPM registry.
  - Installs `craigslist-pp-cli` and `craigslist-pp-mcp` directly from the author's GitHub repository using `go install`.
- [DATA_EXFILTRATION]: The tool features a `--deliver webhook:<url>` flag, which allows the agent to route command results and listing data to an arbitrary external URL. This represents a capability that could be misused to exfiltrate data if a malicious destination is specified.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests and processes untrusted data from external Craigslist listings.
  - Ingestion points: Listing titles, descriptions, and metadata are ingested via the `search`, `postings`, `since`, and `watch` commands.
  - Boundary markers: The skill does not describe the use of delimiters or specific instructions to the agent to ignore embedded commands within the listing data.
  - Capability inventory: The agent has access to the `Bash` tool to execute shell commands, can write to local files via `--deliver file:<path>`, and can perform network requests via `--deliver webhook:<url>`.
  - Sanitization: No explicit sanitization or filtering of listing content is mentioned prior to the data being presented to the agent context.
Audit Metadata