pp-medium-reader

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the medium-reader-pp-cli and medium-reader-pp-mcp tools from external sources, specifically github.com/mvanhorn/printing-press-library via Go and @mvanhorn/printing-press-library via NPM.
  • [REMOTE_CODE_EXECUTION]: The skill's primary function involves executing a locally installed binary tool that is fetched from a remote source.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (Bash) to install, verify, and interact with the Medium Reader CLI.
  • [DATA_EXFILTRATION]: The CLI tool documentation mentions a --deliver webhook:<url> feature, which allows the agent to POST command results and archived content to an arbitrary external URL.
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted full-text content from Medium articles, RSS feeds, and search results into the agent's context. This creates an attack surface for indirect prompt injection where malicious content on Medium could attempt to influence the agent's behavior.
  • Ingestion points: Commands such as feed, read, search, and author-archive in SKILL.md fetch content from public Medium surfaces.
  • Boundary markers: None provided in the prompt templates to distinguish between instructions and ingested article data.
  • Capability inventory: The skill has the ability to execute shell commands and write data to a local SQLite store.
  • Sanitization: No explicit sanitization or filtering of the fetched Markdown/HTML content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 09:23 AM
Security Audit — agent-trust-hub — pp-medium-reader