pp-nasa-images
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `nasa-images-pp-cli` tool using `npx` from the `@mvanhorn` package registry.
- [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the execution of the `nasa-images-pp-cli` binary, which manages local state, performs searches, and downloads media.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver webhook:<url>` feature that allows routing the command output to an external URL via a POST request.
- [PROMPT_INJECTION]: The skill ingests data from external NASA Image and Video Library endpoints, creating a potential surface for indirect prompt injection.
  - Ingestion points: External data enters through the NASA API endpoints and fetched caption files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were identified.
  - Capability inventory: The skill utilizes subprocess calls to the CLI, file system writes for downloads, and network operations for webhook delivery.
  - Sanitization: No sanitization or content validation steps are documented for the ingested remote data.
Audit Metadata