pp-function-health
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands by interpolating user-provided arguments ($ARGUMENTS) into the
function-health-pp-clitool call. - Evidence: The 'Direct Use' section specifies:
function-health-pp-cli <command> [subcommand] [args] --agent. - Risk: Without explicit sanitization of shell metacharacters, this presents a command injection surface where malicious user input could lead to arbitrary code execution.
- [DATA_EXFILTRATION]: The CLI tool described contains a feature to send results to arbitrary external URLs.
- Evidence: The 'Output Delivery' section documentation for the
--deliver webhook:<url>flag, which POSTs output to the provided URL. - Risk: This enables the exfiltration of sensitive health data (biomarkers, clinician notes, BMI) to untrusted third-party servers.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading a CLI tool from a remote repository.
- Evidence: Installation instructions call for
npx -y @mvanhorn/printing-press-library install function-health --cli-only. - Note: This is a vendor-sourced package, but it involves runtime execution of remote code during the setup process.
Audit Metadata