pp-loopnet

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the loopnet-pp-cli tool using npx from the @mvanhorn/printing-press-library package on NPM or via go install from the vendor's GitHub repository at github.com/mvanhorn/printing-press-library.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute the loopnet-pp-cli binary with various subcommands (inventory, sync, caprate, etc.) to process real estate data.
  • [DATA_EXFILTRATION]: The CLI tool provides an output delivery feature (--deliver webhook:<url>) which allows sending the command output to an external URL. This is a functional feature for data pipelines but represents a pathway for sending data to remote services.
  • [PROMPT_INJECTION]: The skill ingest data from external sources (LoopNet property descriptions and listings) which could contain adversarial content. This represents a potential indirect prompt injection surface.
  • Ingestion points: Data enters the agent context via the inventory, property, and sync commands which fetch live content from LoopNet.com.
  • Boundary markers: None identified in the skill instructions for the ingested data.
  • Capability inventory: The skill can execute shell commands, write to the local file system (--out), and perform network POST requests (webhook:<url>).
  • Sanitization: No explicit sanitization of property descriptions or external data is documented in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 09:03 AM
Security Audit — agent-trust-hub — pp-loopnet