pp-function-health

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands by interpolating user-provided arguments ($ARGUMENTS) into the function-health-pp-cli tool call.
    • Evidence: The 'Direct Use' section specifies: function-health-pp-cli <command> [subcommand] [args] --agent.
    • Risk: Without explicit sanitization of shell metacharacters, this presents a command injection surface where malicious user input could lead to arbitrary code execution.
  • [DATA_EXFILTRATION]: The CLI tool described contains a feature to send results to arbitrary external URLs.
    • Evidence: The 'Output Delivery' section documents the --deliver webhook:<url> flag, which POSTs output to the provided URL.
    • Risk: This enables the exfiltration of sensitive health data (biomarkers, clinician notes, BMI) to untrusted third-party servers.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading a CLI tool from a remote repository.
    • Evidence: Installation instructions call for npx -y @mvanhorn/printing-press-library install function-health --cli-only.
    • Note: This is a vendor-sourced package, but it involves runtime execution of remote code during the setup process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 03:43 AM