pp-openfda

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the openfda-pp-cli tool using npx from the @mvanhorn/printing-press-library package on npm and through go install from a GitHub repository.
  • [REMOTE_CODE_EXECUTION]: The setup instructions involve fetching and executing code from external repositories (GitHub) and package registries (NPM) to install the necessary binary components.
  • [COMMAND_EXECUTION]: The skill is designed to execute the openfda-pp-cli binary with arguments and subcommands derived from user input ($ARGUMENTS), providing a broad command execution surface.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver flag that supports a webhook:<url> sink, allowing the agent to POST command results (potentially containing sensitive FDA data or system info) to arbitrary external URLs. It also includes a feedback command that can transmit local data to a remote endpoint if an environment variable is configured.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing external data from the OpenFDA API.
      • Ingestion points: Data returned from the FDA API via openfda-pp-cli commands.
      • Boundary markers: None specified to differentiate API data from instruction context.
      • Capability inventory: The skill has network access (webhooks) and file writing capabilities.
      • Sanitization: No mechanisms for sanitizing or validating API output are documented.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 26, 2026, 03:57 PM