pp-openalex
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the author's repositories. It provides instructions to use `npx` for `@mvanhorn/printing-press` and `go install` for `github.com/mvanhorn/printing-press-library`.
- [COMMAND_EXECUTION]: The skill relies on the `Bash` tool to perform installation, verification, and execution of the `openalex-pp-cli` binary. It executes shell commands to interact with the research database.
- [DATA_EXFILTRATION]: The `openalex-pp-cli` includes a `--deliver` flag that supports a `webhook:<url>` sink. This allows the output of any command to be POSTed to an arbitrary external URL, which could be used to exfiltrate data if the agent is directed to use an attacker-controlled endpoint.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its argument handling.
  - Ingestion points: The skill takes input from `$ARGUMENTS` to construct shell commands.
  - Boundary markers: There are no boundary markers or delimiters used when interpolating user input into the shell command string.
  - Capability inventory: The skill has access to the `Bash` tool, allowing for full shell command execution.
  - Sanitization: The instructions do not specify any sanitization, escaping, or validation of the `$ARGUMENTS` before they are passed to the `Bash` tool.
Audit Metadata