pp-marginalrevolution

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The CLI tool includes built-in arguments that allow for the redirection of command output to external or unauthorized locations.
      • The --deliver webhook:<url> parameter allows the agent to POST command results (including data retrieved from the RSS feed) to an arbitrary external URL.
      • The --deliver file:<path> parameter enables the writing of command output to any specified file path on the system, which can be used to overwrite configuration files or stage data.
      • A feedback reporting system allows for the transmission of local logs to a remote server when the MARGINALREVOLUTION_FEEDBACK_ENDPOINT environment variable is configured.
  • [EXTERNAL_DOWNLOADS]: The skill's setup process requires downloading and executing code from external repositories.
      • The primary installation method uses npx to fetch the @mvanhorn/printing-press package from the NPM registry.
      • An alternative installation method uses go install to download and compile source code from github.com/mvanhorn/printing-press-library.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external RSS feed while having access to powerful system capabilities.
      • Ingestion points: Data enters the agent's context through commands that read the Marginal Revolution RSS feed (e.g., feed, latest, read, search).
      • Boundary markers: There are no instructions for the agent to treat the RSS content as untrusted or to ignore any embedded directives.
      • Capability inventory: The agent possesses shell access via Read Bash and can use the CLI's own file-writing and webhook-delivery features to execute actions requested by malicious RSS content.
      • Sanitization: The skill does not implement any filtering or sanitization of the content fetched from the remote RSS source.
  • [TIME_DELAYED_OR_CONDITIONAL_ATTACKS]: The feedback mechanism contains conditional logic that gates network operations.
      • Remote data transmission only occurs if specific environment variables (like MARGINALREVOLUTION_FEEDBACK_AUTO_SEND) or flags are set, which could be used to hide exfiltration behavior during initial analysis.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 07:52 AM