pp-podscan

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the podscan-pp-cli tool using npx (from the @mvanhorn/printing-press package) and go install (from github.com/mvanhorn/printing-press-library). These repositories are controlled by the skill's author.
  • [DATA_EXFILTRATION]: The podscan-pp-cli binary supports a --deliver webhook:<url> flag, which allows the agent to send command output to an external HTTP endpoint. This capability can be used to exfiltrate data processed by the skill. Additionally, the feedback command can be configured to send local notes to a remote endpoint via the PODSCAN_FEEDBACK_ENDPOINT environment variable.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it searches and retrieves content from third-party podcast transcripts and metadata, which could contain malicious instructions.
      • Ingestion points: Untrusted content is ingested via the episodes search and podcasts search commands defined in SKILL.md.
      • Boundary markers: There are no boundary markers or instructions provided to the agent to disregard malicious prompts within the processed data.
      • Capability inventory: The skill uses the Bash tool and can write to files or the network using the CLI's built-in delivery features.
      • Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from the Podscan API before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 05:27 PM