pp-docker-hub
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `docker-hub-pp-cli` tool from vendor-originated sources, specifically using `npx` for the `@mvanhorn/printing-press` package and `go install` for repositories under `github.com/mvanhorn/printing-press-library`.
- [REMOTE_CODE_EXECUTION]: The skill relies on the execution of externally downloaded binaries (`docker-hub-pp-cli` and `docker-hub-pp-mcp`) to perform its intended tasks.
- [COMMAND_EXECUTION]: The skill uses shell commands to install and interact with the CLI, including passing user input directly through the `$ARGUMENTS` variable.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag, allowing the results of any command to be POSTed to an arbitrary external URL, which represents a potential vector for data exfiltration.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its ingestion of data from public Docker Hub repositories.
  - Ingestion points: Data retrieved from Docker Hub via the `docker-hub-search` and `repositories` commands (SKILL.md).
  - Boundary markers: No boundary markers or instructions to ignore embedded commands within the fetched data are present.
  - Capability inventory: The agent has the `Read` and `Bash` tools (SKILL.md) available, which can be leveraged to execute commands based on interpreted data.
  - Sanitization: There is no evidence of sanitization or filtering of external content before it is processed by the agent.
Audit Metadata