pp-postman-explore
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing external software components from the author's infrastructure:
  - Installs an NPM package using `npx -y @mvanhorn/printing-press install postman-explore`.
  - Installs Go binaries from `github.com/mvanhorn/printing-press-library/library/developer-tools/postman-explore/cmd/postman-explore-pp-cli`.
  - These resources are owned by the skill author and are necessary for the skill's intended operation.
- [COMMAND_EXECUTION]: The skill's primary behavior involves executing the `postman-explore-pp-cli` binary with various arguments and subcommands to interact with the Postman API network.
- [DATA_EXFILTRATION]: The CLI provides a `--deliver webhook:<url>` feature that allows the tool to POST its output directly to an external URL. If the agent processes sensitive information through this tool, this functionality could be leveraged to exfiltrate that data to an arbitrary endpoint.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted external data:
  - Ingestion points: Community-contributed Postman collections, workspaces, and API descriptions are fetched from `postman.com/explore` via the `browse`, `search-all`, and `category` commands.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded in the retrieved content.
  - Capability inventory: The agent can execute the CLI tool, write data to local files, and perform network requests to arbitrary webhooks using the `--deliver` flag.
  - Sanitization: Absent. No filtering or validation of the retrieved content is described in the skill instructions.
Audit Metadata