pp-defillama

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs binary tools and libraries from the vendor's NPM package (@mvanhorn/printing-press-library) and GitHub repository (github.com/mvanhorn/printing-press-library).
  • [COMMAND_EXECUTION]: Utilizes bash for tool installation via npx and go install, and executes the defillama-pp-cli binary to perform data queries.
  • [DATA_EXFILTRATION]: Includes a feature to deliver command output to arbitrary external URLs via the --deliver webhook: flag, which can be used to send processed data outside the controlled environment.
  • [DATA_EXFILTRATION]: Contains a feedback mechanism that stores data locally and can be configured to automatically transmit entries to a remote endpoint using the DEFILLAMA_FEEDBACK_AUTO_SEND environment variable.
  • [PROMPT_INJECTION]: Instructs the agent to read and follow instructions from a remote SKILL.md file on GitHub (raw.githubusercontent.com/DefiLlama/defillama-skills), which creates a surface for indirect prompt injection from an external, potentially untrusted source.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 07:50 PM
Security Audit — agent-trust-hub — pp-defillama