pp-digitalocean
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions facilitate downloading and installing software from external repositories:
- Fetches and executes the
@mvanhorn/printing-presspackage from the NPM registry usingnpx. - Installs the
digitalocean-pp-clianddigitalocean-pp-mcptools from thegithub.com/mvanhorn/printing-press-libraryrepository usinggo install. - [COMMAND_EXECUTION]: The skill revolves around executing a broad range of system commands via the
digitalocean-pp-clitool to manage various cloud resources, including Droplets, firewalls, and billing information. - [DATA_EXFILTRATION]: The CLI tool includes a built-in output delivery feature (
--deliver webhook:<url>) that can be used to POST sensitive cloud configuration and resource data to arbitrary external URLs. - [DATA_EXFILTRATION]: A feedback mechanism is present that can be configured to transmit local data to a remote URL defined by the
DIGITALOCEAN_FEEDBACK_ENDPOINTenvironment variable. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its extensive capabilities and ingestion of external data:
- Ingestion points: Processes command arguments and results retrieved from the DigitalOcean API.
- Boundary markers: No specific boundary markers or delimiters are defined to isolate instructions from untrusted external data.
- Capability inventory: Possesses wide-ranging cloud management permissions, local file writing capabilities, and network delivery options (webhooks).
- Sanitization: No sanitization or validation logic for external content is described in the skill's instructions.
Audit Metadata