pp-podscan
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `podscan-pp-cli` tool using `npx` (from the `@mvanhorn/printing-press` package) and `go install` (from `github.com/mvanhorn/printing-press-library`). These repositories are controlled by the skill's author.
- [DATA_EXFILTRATION]: The `podscan-pp-cli` binary supports a `--deliver webhook:<url>` flag, which allows the agent to send command output to an external HTTP endpoint. This capability can be used to exfiltrate data processed by the skill. Additionally, the `feedback` command can be configured to send local notes to a remote endpoint via the `PODSCAN_FEEDBACK_ENDPOINT` environment variable.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it searches and retrieves content from third-party podcast transcripts and metadata which could contain malicious instructions.
  - Ingestion points: Untrusted content is ingested via the `episodes search` and `podcasts search` commands defined in `SKILL.md`.
  - Boundary markers: There are no boundary markers or instructions provided to the agent to disregard malicious prompts within the processed data.
  - Capability inventory: The skill uses the `Bash` tool and can write to files or the network using the CLI's built-in delivery features.
  - Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from the Podscan API before it is processed by the agent.
Audit Metadata