pp-pokeapi

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs the CLI tool and MCP server from the vendor's GitHub repository and npm registry using npx and go install commands.
  • [COMMAND_EXECUTION]: The skill relies on executing the pokeapi-pp-cli binary via the shell to perform data retrieval and analysis tasks.
  • [DATA_EXFILTRATION]: The tool includes a built-in --deliver webhook:<url> flag that POSTs command output to an arbitrary URL. Although this is a core feature for data automation, it also gives the skill a working channel for routing data to external destinations.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it passes untrusted user input to various subcommands.
    • Ingestion points: User-supplied strings used in the search, sql, which, and feedback command arguments.
    • Boundary markers: Absent from the command interpolation templates.
    • Capability inventory: Execution of the pokeapi-pp-cli tool, which can perform data reads, file writes, and network operations.
    • Sanitization: No explicit sanitization or validation of input strings is documented in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 06:27 PM