pp-metacritic
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the
metacritic-pp-clitool usingnpx -y @mvanhorn/printing-press-libraryorgo install github.com/mvanhorn/printing-press-library/.... These resources are hosted on well-known registries (NPM and GitHub) and belong to the author's verified namespace. - [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the
metacritic-pp-clibinary via shell commands to query titles, reviews, and filters. - [DATA_EXFILTRATION]: The CLI tool contains a built-in
--deliverflag that supports awebhook:<url>sink. This allows the tool to POST its output directly to an arbitrary external URL, which could be used to exfiltrate data from the agent's environment. - [PROMPT_INJECTION]: The skill processes data from a public third-party API (metacritic.com), which introduces an attack surface for indirect prompt injection.
- Ingestion points: Data entering the context comes from the Metacritic JSON API (
backend.metacritic.com). - Boundary markers: There are no specified delimiters or instructions to the agent to treat the API output as untrusted data.
- Capability inventory: The agent has the ability to execute shell commands (
Read Bash) and write files. - Sanitization: The skill does not describe any validation or sanitization of the API results before they are presented to the agent.
Audit Metadata