pp-fireflies

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the fireflies-pp-cli and fireflies-pp-mcp tools from vendor-owned repositories.
      • Evidence: npx -y @mvanhorn/printing-press install fireflies --cli-only in SKILL.md.
      • Evidence: go install github.com/mvanhorn/printing-press-library/library/productivity/fireflies/cmd/fireflies-pp-cli@latest in SKILL.md.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands using the fireflies-pp-cli binary.
      • Evidence: Multiple examples of fireflies-pp-cli commands provided in the 'Unique Capabilities' and 'Recipes' sections of SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted meeting transcript data and its associated capabilities.
      • Ingestion points: Transcript data is retrieved and searched via commands like transcripts search and transcripts find (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the retrieved content as untrusted data.
      • Capability inventory: The skill has access to file system writes via the --append and --vault flags, and network capabilities via the --deliver webhook:<url> flag (SKILL.md).
      • Sanitization: No sanitization or filtering of the transcript content is performed before it is processed by the agent.
  • [DATA_EXFILTRATION]: The CLI tool includes a delivery mechanism that allows command output to be sent to arbitrary webhooks or local files.
      • Evidence: The --deliver flag documentation in SKILL.md supports webhook:<url> and file:<path> sinks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 03:00 AM