pp-metacritic

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the metacritic-pp-cli tool using npx -y @mvanhorn/printing-press-library or go install github.com/mvanhorn/printing-press-library/.... These resources are hosted on well-known registries (NPM and GitHub) and belong to the author's verified namespace.
  • [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the metacritic-pp-cli binary via shell commands to query titles, reviews, and filters.
  • [DATA_EXFILTRATION]: The CLI tool contains a built-in --deliver flag that supports a webhook:<url> sink. This allows the tool to POST its output directly to an arbitrary external URL, which could be used to exfiltrate data from the agent's environment.
  • [PROMPT_INJECTION]: The skill processes data from a public third-party API (metacritic.com), which introduces an attack surface for indirect prompt injection.
      • Ingestion points: Data entering the context comes from the Metacritic JSON API (backend.metacritic.com).
      • Boundary markers: There are no specified delimiters or instructions to the agent to treat the API output as untrusted data.
      • Capability inventory: The agent has the ability to execute shell commands (Read Bash) and write files.
      • Sanitization: The skill does not describe any validation or sanitization of the API results before they are presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 20, 2026, 08:21 AM