pp-fred
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
fred-pp-clitool from the vendor's repository using package managers. Specifically, it usesnpx -y @mvanhorn/printing-press-library install fred --cli-onlyandgo install github.com/mvanhorn/printing-press-library/library/other/fred/cmd/fred-pp-cli@latest. These resources are associated with the author's documented infrastructure. - [COMMAND_EXECUTION]: The skill functions by executing the
fred-pp-clibinary through shell commands to interact with the FRED API and local SQLite storage. - [DATA_EXFILTRATION]: The CLI tool includes a
--deliverflag that allows routing command results to local file paths or remote webhook URLs. While a documented feature for automation, it provides a direct mechanism for data transfer that could be exploited. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the external FRED API and possesses capabilities like shell command execution and network delivery. \n
- Ingestion points: External time-series and metadata from the FRED API. \n
- Boundary markers: No explicit delimiters or instructions are used to separate API data from agent logic. \n
- Capability inventory: Shell access via the CLI, file-writing capabilities, and webhook posting. \n
- Sanitization: No validation or escaping of API-sourced content is described.
Audit Metadata