pp-marianatek
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
marianatek-pp-clitool. It provides instructions to fetch this from the official@mvanhorn/printing-pressnpm package or the vendor's GitHub repository atgithub.com/mvanhorn/printing-press-library.- [COMMAND_EXECUTION]: The skill executes shell commands using themarianatek-pp-clibinary to search for classes, manage reservations, and check account status across multiple studio tenants.- [DATA_EXFILTRATION]: The integrated CLI tool includes a--deliver webhook:<url>feature. While this is a functional capability designed for automation and routing command results, it allows for the transmission of reservation and account data to external endpoints.- [PROMPT_INJECTION]: The skill ingests class schedules, instructor names, and studio metadata from the Mariana Tek API, which constitutes a potential surface for indirect prompt injection. - Ingestion points: Data retrieved from the Mariana Tek API via
marianatek-pp-clisearch and schedule commands. - Boundary markers: No explicit instruction-ignoring delimiters are mentioned for the external data, though the output is processed as structured JSON.
- Capability inventory: The skill uses the
Bashtool and performs network operations through the CLI binary. - Sanitization: No explicit sanitization of API-returned strings is described in the skill instructions.
Audit Metadata