pp-craigslist

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install external binaries and packages from the author's infrastructure.
      • Fetches the @mvanhorn/printing-press package via npx from the NPM registry.
      • Installs craigslist-pp-cli and craigslist-pp-mcp directly from the author's GitHub repository using go install.
  • [DATA_EXFILTRATION]: The tool features a --deliver webhook:<url> flag, which allows the agent to route command results and listing data to an arbitrary external URL. This represents a capability that could be misused to exfiltrate data if a malicious destination is specified.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests and processes untrusted data from external Craigslist listings.
      • Ingestion points: Listing titles, descriptions, and metadata are ingested via the search, postings, since, and watch commands.
      • Boundary markers: The skill does not describe the use of delimiters or specific instructions to the agent to ignore embedded commands within the listing data.
      • Capability inventory: The agent has access to the Bash tool to execute shell commands, can write to local files via --deliver file:<path>, and can perform network requests via --deliver webhook:<url>.
      • Sanitization: No explicit sanitization or filtering of listing content is mentioned prior to the data being presented to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 25, 2026, 02:33 AM