pp-hackernews

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The tool includes a --deliver webhook:<url> feature that allows the output of any command to be POSTed to an arbitrary external URL. While designed for data routing, this creates a potential vector for data exfiltration if the agent is directed to process sensitive information through the CLI.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the installation of the hackernews-pp-cli binary using npx -y @mvanhorn/printing-press or go install from github.com/mvanhorn/printing-press-library. These resources originate from the identified developer's infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves and processes unvalidated user-generated content from Hacker News (such as story titles and comment bodies).
  • Ingestion points: Data enters the agent's context through commands like items, stories, search, pulse, and hiring (SKILL.md).
  • Boundary markers: The tool uses --json and --agent flags to provide structured data, which helps delineate content but does not prevent the agent from interpreting instructions embedded within text fields.
  • Capability inventory: The skill has access to the Read Bash tool, allowing it to execute local CLI commands, perform network operations, and write to a local SQLite database.
  • Sanitization: There is no evidence of sanitization or filtering of the text content fetched from the Hacker News API before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 11:46 AM
Security Audit — agent-trust-hub — pp-hackernews