pp-fred

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the fred-pp-cli tool from the vendor's repository using package managers. Specifically, it uses npx -y @mvanhorn/printing-press-library install fred --cli-only and go install github.com/mvanhorn/printing-press-library/library/other/fred/cmd/fred-pp-cli@latest. These resources are associated with the author's documented infrastructure.
  • [COMMAND_EXECUTION]: The skill functions by executing the fred-pp-cli binary through shell commands to interact with the FRED API and local SQLite storage.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver flag that allows routing command results to local file paths or remote webhook URLs. While a documented feature for automation, it provides a direct mechanism for data transfer that could be exploited.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the external FRED API and possesses capabilities like shell command execution and network delivery.
      • Ingestion points: External time-series and metadata from the FRED API.
      • Boundary markers: No explicit delimiters or instructions are used to separate API data from agent logic.
      • Capability inventory: Shell access via the CLI, file-writing capabilities, and webhook posting.
      • Sanitization: No validation or escaping of API-sourced content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 04:37 PM