pp-defillama
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs binary tools and libraries from the vendor's NPM package (@mvanhorn/printing-press-library) and GitHub repository (github.com/mvanhorn/printing-press-library).
- [COMMAND_EXECUTION]: Utilizes bash for tool installation via npx and go install, and executes the defillama-pp-cli binary to perform data queries.
- [DATA_EXFILTRATION]: Includes a feature to deliver command output to arbitrary external URLs via the --deliver webhook: flag, which can be used to send processed data outside the controlled environment.
- [DATA_EXFILTRATION]: Contains a feedback mechanism that stores data locally and can be configured to automatically transmit entries to a remote endpoint using the DEFILLAMA_FEEDBACK_AUTO_SEND environment variable.
- [PROMPT_INJECTION]: Instructs the agent to read and follow instructions from a remote SKILL.md file on GitHub (raw.githubusercontent.com/DefiLlama/defillama-skills), which creates a surface for indirect prompt injection from an external, potentially untrusted source.
Audit Metadata