pp-lunch-money
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the author's repositories using
npx -y @mvanhorn/printing-pressorgo install github.com/mvanhorn/printing-press-library/.... - [DATA_EXFILTRATION]: The CLI tool includes a
--deliver webhook:<url>feature. This capability allows the agent to send command outputs, which may contain sensitive financial data such as transactions, balances, and net worth, to any arbitrary external URL. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted data.
- Ingestion points: Merchant names, transaction notes, and category descriptions are retrieved via
transactions,triage, andsummarycommands. - Boundary markers: The skill does not implement delimiters or provide instructions for the agent to ignore potentially malicious content within these data fields.
- Capability inventory: The agent can write data to local files, send it to external webhooks, and execute shell commands through the
Read Bashtool. - Sanitization: There is no documented sanitization of ingested financial data before it is presented to the agent's context.
Audit Metadata