pp-loopnet
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
loopnet-pp-clitool usingnpxfrom the@mvanhorn/printing-press-librarypackage on NPM or viago installfrom the vendor's GitHub repository atgithub.com/mvanhorn/printing-press-library. - [COMMAND_EXECUTION]: The skill's primary function is to execute the
loopnet-pp-clibinary with various subcommands (inventory,sync,caprate, etc.) to process real estate data. - [DATA_EXFILTRATION]: The CLI tool provides an output delivery feature (
--deliver webhook:<url>) which allows sending the command output to an external URL. This is a functional feature for data pipelines but represents a pathway for sending data to remote services. - [PROMPT_INJECTION]: The skill ingest data from external sources (LoopNet property descriptions and listings) which could contain adversarial content. This represents a potential indirect prompt injection surface.
- Ingestion points: Data enters the agent context via the
inventory,property, andsynccommands which fetch live content from LoopNet.com. - Boundary markers: None identified in the skill instructions for the ingested data.
- Capability inventory: The skill can execute shell commands, write to the local file system (
--out), and perform network POST requests (webhook:<url>). - Sanitization: No explicit sanitization of property descriptions or external data is documented in the instructions.
Audit Metadata