pp-eu-tenders

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external binaries from non-trusted sources using npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library/.... These repositories are maintained by the skill author and are not part of the recognized trusted vendor list.
  • [DATA_EXFILTRATION]: The CLI tool implements a --deliver webhook:<url> flag, which enables the redirection of command output to any user-specified URL via HTTP POST. This capability can be exploited to exfiltrate processed data to external servers.
  • [COMMAND_EXECUTION]: The skill invokes a local binary eu-tenders-pp-cli and includes a sql subcommand capable of executing arbitrary SQL queries provided as strings, such as eu-tenders-pp-cli sql "SELECT...".
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of external tender data.
      • Ingestion points: The skill ingests and processes EU public procurement notices from the TED database (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content within the processed notices.
      • Capability inventory: The skill possesses network capabilities (sync, webhooks), file system access (SQLite DB, feedback logs, profiles), and arbitrary command/SQL execution.
      • Sanitization: The instructions do not define sanitization or validation logic for data passed into the "which" natural-language command or the sql execution command.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 05:29 PM