pp-google-search-console

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading a CLI tool from external NPM (@mvanhorn/printing-press) and GitHub (mvanhorn/printing-press-library) repositories associated with the author.
  • [REMOTE_CODE_EXECUTION]: Setup instructions guide the agent to use 'npx -y' and 'go install' to download and execute code from remote repositories to initialize the environment.
  • [DATA_EXFILTRATION]: The CLI tool provides a built-in '--deliver webhook:' capability that allows the transmission of Google Search Console data (queries, pages, sitemaps) to arbitrary external network endpoints.
  • [COMMAND_EXECUTION]: Employs the 'Read Bash' tool to execute shell commands via the 'google-search-console-pp-cli' binary with support for user-supplied arguments.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks by ingesting search queries, URL strings, and sitemap content from Google Search Console results.
      • Ingestion points: Data-fetching commands such as 'query-search-analytics' and 'sitemap-watch' in SKILL.md.
      • Boundary markers: The tool outputs structured JSON and CSV, but instructions lack explicit boundary markers or directives to ignore instructions embedded in the search data.
      • Capability inventory: The binary supports file system writes (via 'file:' sink) and network delivery (via 'webhook:' sink) in addition to 'Read Bash' tool access.
      • Sanitization: No sanitization, filtering, or validation of the search console corpus data is mentioned before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:56 PM