pp-docker-hub

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the docker-hub-pp-cli tool from vendor-originated sources, specifically using npx for the @mvanhorn/printing-press package and go install for repositories under github.com/mvanhorn/printing-press-library.\n- [REMOTE_CODE_EXECUTION]: The skill relies on the execution of externally downloaded binaries (docker-hub-pp-cli and docker-hub-pp-mcp) to perform its intended tasks.\n- [COMMAND_EXECUTION]: The skill uses shell commands to install and interact with the CLI, including passing user input directly through the $ARGUMENTS variable.\n- [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, allowing the results of any command to be POSTed to an arbitrary external URL, which represents a potential vector for data exfiltration.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its ingestion of data from public Docker Hub repositories.\n
  • Ingestion points: Data retrieved from Docker Hub via the docker-hub-search and repositories commands (SKILL.md).\n
  • Boundary markers: No boundary markers or instructions to ignore embedded commands within the fetched data are present.\n
  • Capability inventory: The agent has the Read Bash tool (SKILL.md) available, which can be leveraged to execute commands based on interpreted data.\n
  • Sanitization: There is no evidence of sanitization or filtering of external content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 03:17 AM
Security Audit — agent-trust-hub — pp-docker-hub