pp-postman-explore

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing external software components from the author's infrastructure:
      • Installs an NPM package using npx -y @mvanhorn/printing-press install postman-explore.
      • Installs Go binaries from github.com/mvanhorn/printing-press-library/library/developer-tools/postman-explore/cmd/postman-explore-pp-cli.
      • These resources are owned by the skill author and are necessary for the skill's intended operation.
  • [COMMAND_EXECUTION]: The skill's primary behavior involves executing the postman-explore-pp-cli binary with various arguments and subcommands to interact with the Postman API network.
  • [DATA_EXFILTRATION]: The CLI provides a --deliver webhook:<url> feature that allows the tool to POST its output directly to an external URL. If the agent processes sensitive information through this tool, this functionality could be leveraged to exfiltrate that data to an arbitrary endpoint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted external data:
      • Ingestion points: Community-contributed Postman collections, workspaces, and API descriptions are fetched from postman.com/explore via the browse, search-all, and category commands.
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded in the retrieved content.
      • Capability inventory: The agent can execute the CLI tool, write data to local files, and perform network requests to arbitrary webhooks using the --deliver flag.
      • Sanitization: Absent. No filtering or validation of the retrieved content is described in the skill instructions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 16, 2026, 03:19 AM
Security Audit — agent-trust-hub — pp-postman-explore