pp-food52
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external CLI and MCP components from GitHub (github.com/mvanhorn/printing-press-library) and npm (@mvanhorn/printing-press). These resources belong to the vendor identified in the skill metadata.
- [COMMAND_EXECUTION]: Operation of the skill requires executing shell commands for installation (npx, go install) and for interacting with the recipe database via the food52-pp-cli binary.
- [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook: option and a feedback command that allow sending data to external network endpoints. While these are functional features of the tool, they provide a mechanism for transmitting processed information over the network.
- [PROMPT_INJECTION]: The skill processes data from the Food52 website, establishing an indirect prompt injection surface.
  - Ingestion points: External data enters the agent's context through commands that fetch recipes and articles (recipes get, articles get, etc.) from Food52.
  - Boundary markers: The skill does not define specific boundary markers or instructions for the agent to ignore potentially malicious content within the fetched data.
  - Capability inventory: The skill has access to the Bash tool to execute local CLI commands.
  - Sanitization: There is no mention of sanitization or filtering of the data retrieved from the external website before it is presented to the agent.
Audit Metadata