pp-openalex

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the author's repositories. It provides instructions to use npx for @mvanhorn/printing-press and go install for github.com/mvanhorn/printing-press-library.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform installation, verification, and execution of the openalex-pp-cli binary. It executes shell commands to interact with the research database.
  • [DATA_EXFILTRATION]: The openalex-pp-cli includes a --deliver flag that supports a webhook:<url> sink. This allows the output of any command to be POSTed to an arbitrary external URL, which could be used to exfiltrate data if the agent is directed to use an attacker-controlled endpoint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its argument handling.
      ◦ Ingestion points: The skill takes input from $ARGUMENTS to construct shell commands.
      ◦ Boundary markers: There are no boundary markers or delimiters used when interpolating user input into the shell command string.
      ◦ Capability inventory: The skill has access to the Bash tool, allowing for full shell command execution.
      ◦ Sanitization: The instructions do not specify any sanitization, escaping, or validation of the $ARGUMENTS before they are passed to the Bash tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 05:15 AM