pp-judge-me

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the judge-me-pp-cli and judge-me-pp-mcp binaries from the vendor's repository on GitHub (github.com/mvanhorn/printing-press-library). This is a standard installation procedure for the provided toolset.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell command execution to invoke the judge-me-pp-cli binary. It includes features such as --deliver webhook:<url>, which allows routing command results to external endpoints, and it manages local state in ~/.local/share/judge-me-pp-cli/.
  • [PROMPT_INJECTION]: The skill processes external data (product reviews) that is explicitly documented as unsanitized. This represents an indirect prompt injection attack surface.
      • Ingestion points: Untrusted data enters the context through commands like judge-me-pp-cli reviews index and judge-me-pp-cli reviews get.
      • Boundary markers: The instructions do not specify any delimiters or warnings to ignore embedded instructions in the ingested data.
      • Capability inventory: The agent has the capability to execute shell commands via the Bash tool and the CLI itself.
      • Sanitization: The skill documentation explicitly notes that review content is "not sanitized" and may include raw information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 28, 2026, 04:20 PM