pp-espn
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the espn-pp-cli and espn-pp-mcp binaries from the author's repositories via npx and go install. These are vendor-owned resources.
- [COMMAND_EXECUTION]: Executes the espn-pp-cli tool to query sports data, manage local synchronization, and perform diagnostics.
- [DATA_EXFILTRATION]: Includes functionality to route data to external webhooks (--deliver webhook:) and append feedback to local files, which could be configured to send data to remote endpoints.
- [PROMPT_INJECTION]:
- Ingestion points: Processes sports scores, news, and statistics from ESPN's external APIs.
- Boundary markers: Recommends using the --select flag to filter API response fields.
- Capability inventory: Can perform network POST requests, write to local files, and execute SQL queries on a local SQLite database.
- Sanitization: No specific measures are mentioned for sanitizing or escaping the data fetched from external sports APIs.
Audit Metadata