pp-hotelist
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run the
hotelist-pp-clibinary to interact with hotel datasets. - [EXTERNAL_DOWNLOADS]: The instructions direct the installation of the CLI from vendor-managed sources using
npx -y @mvanhorn/printing-press-libraryandgo install github.com/mvanhorn/printing-press-library/.... - [DATA_EXFILTRATION]: The CLI supports an output delivery mechanism via a
--deliver webhook:<url>flag, which can send data to external endpoints. - [PROMPT_INJECTION]: The skill interacts with external traveler reviews from Hotelist.com, creating a surface for indirect prompt injection.
- Ingestion points: External hotel reviews and data are retrieved using the
hotelandrank-countrycommands in SKILL.md. - Boundary markers: The instructions encourage using
--jsonand--selectto filter and structure response data. - Capability inventory: The skill uses
Bashto execute commands and supports writing to files and external webhooks. - Sanitization: No evidence of sanitization or content filtering for the retrieved hotel data is present.
Audit Metadata