pp-hotelist

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to run the hotelist-pp-cli binary to interact with hotel datasets.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the installation of the CLI from vendor-managed sources using npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/....
  • [DATA_EXFILTRATION]: The CLI supports an output delivery mechanism via a --deliver webhook:<url> flag, which can send data to external endpoints.
  • [PROMPT_INJECTION]: The skill interacts with external traveler reviews from Hotelist.com, creating a surface for indirect prompt injection.
  • Ingestion points: External hotel reviews and data are retrieved using the hotel and rank-country commands in SKILL.md.
  • Boundary markers: The instructions encourage using --json and --select to filter and structure response data.
  • Capability inventory: The skill uses Bash to execute commands and supports writing to files and external webhooks.
  • Sanitization: No evidence of sanitization or content filtering for the retrieved hotel data is present.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 09:27 PM
Security Audit — agent-trust-hub — pp-hotelist