pp-nasa-images

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the nasa-images-pp-cli tool using npx from the @mvanhorn package registry.
  • [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the execution of the nasa-images-pp-cli binary, which manages local state, performs searches, and downloads media.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows routing the command output to an external URL via a POST request.
  • [PROMPT_INJECTION]: The skill ingests data from external NASA Image and Video Library endpoints, creating a potential surface for indirect prompt injection.
    • Ingestion points: External data enters through the NASA API endpoints and fetched caption files.
    • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were identified.
    • Capability inventory: The skill utilizes subprocess calls to the CLI, file system writes for downloads, and network operations for webhook delivery.
    • Sanitization: No sanitization or content validation steps are documented for the ingested remote data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 05:38 AM