pp-openfda
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the `openfda-pp-cli` tool using `npx` from the `@mvanhorn/printing-press-library` package on npm and through `go install` from a GitHub repository.
- [REMOTE_CODE_EXECUTION]: The setup instructions involve fetching and executing code from external repositories (GitHub) and package registries (NPM) to install the necessary binary components.
- [COMMAND_EXECUTION]: The skill is designed to execute the `openfda-pp-cli` binary with arguments and subcommands derived from user input (`$ARGUMENTS`), providing a broad command execution surface.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver` flag that supports a `webhook:<url>` sink, allowing the agent to POST command results (potentially containing sensitive FDA data or system info) to arbitrary external URLs. It also includes a feedback command that can transmit local data to a remote endpoint if an environment variable is configured.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing external data from the OpenFDA API.
  - Ingestion points: Data returned from the FDA API via `openfda-pp-cli` commands.
  - Boundary markers: None specified to differentiate API data from instruction context.
  - Capability inventory: The skill has network access (webhooks) and file writing capabilities.
  - Sanitization: No mechanisms for sanitizing or validating API output are documented.
Audit Metadata