pp-medium-reader
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the `medium-reader-pp-cli` and `medium-reader-pp-mcp` tools from external sources, specifically `github.com/mvanhorn/printing-press-library` via Go and `@mvanhorn/printing-press-library` via NPM.
- [REMOTE_CODE_EXECUTION]: The skill's primary function involves executing a locally installed binary tool that is fetched from a remote source.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (Bash) to install, verify, and interact with the Medium Reader CLI.
- [DATA_EXFILTRATION]: The CLI tool documentation mentions a `--deliver webhook:<url>` feature, which allows the agent to POST command results and archived content to an arbitrary external URL.
- [PROMPT_INJECTION]: The skill ingests and processes untrusted full-text content from Medium articles, RSS feeds, and search results into the agent's context. This creates an attack surface for indirect prompt injection where malicious content on Medium could attempt to influence the agent's behavior.
- Ingestion points: Commands such as `feed`, `read`, `search`, and `author-archive` in `SKILL.md` fetch content from public Medium surfaces.
- Boundary markers: None provided in the prompt templates to distinguish between instructions and ingested article data.
- Capability inventory: The skill has the ability to execute shell commands and write data to a local SQLite store.
- Sanitization: No explicit sanitization or filtering of the fetched Markdown/HTML content is mentioned.
Audit Metadata