pp-fedex
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
fedex-pp-clitool via NPM (@mvanhorn/printing-press) and Go (github.com/mvanhorn/printing-press-library). These resources belong to the vendor's own namespace. - [DATA_EXFILTRATION]: Several commands allow routing sensitive data to external endpoints. The
--deliver webhook:<url>flag can send any command output, including shipment logs and accounting data, to an arbitrary URL. Additionally, thetrack watch --webhook <url>command continuously sends tracking event updates to a remote webhook. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
- Ingestion points: The skill processes external CSV files for bulk shipping (
ship bulk --csv) and PDF invoices for international shipping (ship etd --invoice). - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are provided when the agent processes these external files.
- Capability inventory: The skill can execute shell commands (
Bash), perform network operations (FedEx API), and write files to the local system (--output). - Sanitization: No sanitization or validation of the input file content is mentioned before the data is interpolated into command arguments or processed by the CLI tool.
- [PROMPT_INJECTION]: There is a naming discrepancy in the skill metadata (Category 7), where the author name ('Trevin Chow') does not match the vendor handle ('mvanhorn') used for the primary tool repositories and package namespaces.
Audit Metadata