pp-judge-me
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `judge-me-pp-cli` and `judge-me-pp-mcp` binaries from the vendor's repository on GitHub (github.com/mvanhorn/printing-press-library). This is a standard installation procedure for the provided toolset.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell command execution to invoke the `judge-me-pp-cli` binary. It includes features like `--deliver webhook:<url>`, which allows routing command results to external endpoints, and it manages local state in `~/.local/share/judge-me-pp-cli/`.
- [PROMPT_INJECTION]: The skill processes external data (product reviews) that is explicitly documented as unsanitized. This represents an indirect prompt injection attack surface.
  - Ingestion points: Untrusted data enters the context through commands like `judge-me-pp-cli reviews index` and `judge-me-pp-cli reviews get`.
  - Boundary markers: The instructions do not specify any delimiters or warnings to ignore embedded instructions in the ingested data.
  - Capability inventory: The agent has the capability to execute shell commands via the `Bash` tool and the CLI itself.
  - Sanitization: The skill documentation explicitly notes that review content is "not sanitized" and may include raw information.
Audit Metadata