pp-hackernews
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The tool includes a
--deliver webhook:<url>feature that allows the output of any command to be POSTed to an arbitrary external URL. While designed for data routing, this creates a potential vector for data exfiltration if the agent is directed to process sensitive information through the CLI. - [EXTERNAL_DOWNLOADS]: The skill instructions direct the installation of the
hackernews-pp-clibinary usingnpx -y @mvanhorn/printing-pressorgo installfromgithub.com/mvanhorn/printing-press-library. These resources originate from the identified developer's infrastructure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves and processes unvalidated user-generated content from Hacker News (such as story titles and comment bodies).
- Ingestion points: Data enters the agent's context through commands like
items,stories,search,pulse, andhiring(SKILL.md). - Boundary markers: The tool uses
--jsonand--agentflags to provide structured data, which helps delineate content but does not prevent the agent from interpreting instructions embedded within text fields. - Capability inventory: The skill has access to the
Read Bashtool, allowing it to execute local CLI commands, perform network operations, and write to a local SQLite database. - Sanitization: There is no evidence of sanitization or filtering of the text content fetched from the Hacker News API before it is presented to the agent.
Audit Metadata