pp-docker-hub

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the docker-hub-pp-cli and docker-hub-pp-mcp tools using go install from github.com/mvanhorn/printing-press-library and npx from the @mvanhorn/printing-press package on npm. These resources are maintained by the identified vendor.
  • [COMMAND_EXECUTION]: The skill operates by executing the docker-hub-pp-cli binary with various arguments. It also includes an installation step that executes npx or go install in the shell.
  • [DATA_EXFILTRATION]: The CLI tool features a --deliver webhook:<url> flag. This capability allows the agent to send the JSON-formatted output of any command to an arbitrary external URL via an HTTP POST request. While a documented feature of the Printing Press library for data routing, it constitutes a potential vector for data exfiltration if directed to untrusted endpoints.
  • [COMMAND_EXECUTION]: The skill includes a docker-hub-pp-cli which command that takes natural language queries and resolves them to CLI capabilities by mapping user input to internal commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 05:56 PM