pp-marginalrevolution

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the marginalrevolution-pp-cli tool using the vendor's NPM package (@mvanhorn/printing-press) and Go repository (github.com/mvanhorn/printing-press-library).
  • [DATA_EXFILTRATION]: Documents a built-in CLI feature (--deliver webhook:<url>) that enables the transfer of command output to specified external webhooks.
  • [COMMAND_EXECUTION]: Instructs the agent to execute the marginalrevolution-pp-cli binary for tasks such as reading feeds, searching posts, and managing local profiles.
  • [PROMPT_INJECTION]: The skill ingests and processes content from the external Marginal Revolution RSS feed, creating an entry point for indirect prompt injection.
  • Ingestion points: RSS feed data processed by marginalrevolution-pp-cli in SKILL.md.
  • Boundary markers: None described in the skill instructions.
  • Capability inventory: Shell execution (marginalrevolution-pp-cli), file system writes (--deliver file:), and network requests (--deliver webhook:).
  • Sanitization: No explicit filtering or validation of the external RSS content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:28 PM
Security Audit — agent-trust-hub — pp-marginalrevolution