pp-digitalocean

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions facilitate downloading and installing software from external repositories:
  • Fetches and executes the @mvanhorn/printing-press package from the NPM registry using npx.
  • Installs the digitalocean-pp-cli and digitalocean-pp-mcp tools from the github.com/mvanhorn/printing-press-library repository using go install.
  • [COMMAND_EXECUTION]: The skill revolves around executing a broad range of system commands via the digitalocean-pp-cli tool to manage various cloud resources, including Droplets, firewalls, and billing information.
  • [DATA_EXFILTRATION]: The CLI tool includes a built-in output delivery feature (--deliver webhook:<url>) that can be used to POST sensitive cloud configuration and resource data to arbitrary external URLs.
  • [DATA_EXFILTRATION]: A feedback mechanism is present that can be configured to transmit local data to a remote URL defined by the DIGITALOCEAN_FEEDBACK_ENDPOINT environment variable.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its extensive capabilities and ingestion of external data:
  • Ingestion points: Processes command arguments and results retrieved from the DigitalOcean API.
  • Boundary markers: No specific boundary markers or delimiters are defined to isolate instructions from untrusted external data.
  • Capability inventory: Possesses wide-ranging cloud management permissions, local file writing capabilities, and network delivery options (webhooks).
  • Sanitization: No sanitization or validation logic for external content is described in the skill's instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 09:49 PM
Security Audit — agent-trust-hub — pp-digitalocean