pp-printify

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the printify-pp-cli tool using npx from @mvanhorn/printing-press-library and go install from github.com/mvanhorn/printing-press-library. These are legitimate resources provided by the skill author.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, which allows command output (potentially containing shop and product details) to be sent to a remote HTTP endpoint. It also includes a feedback command that can transmit data to a configured PRINTIFY_FEEDBACK_ENDPOINT.
  • [COMMAND_EXECUTION]: The skill operates by invoking the printify-pp-cli binary. User-supplied input from $ARGUMENTS is passed directly to the CLI commands, which can lead to command injection if not properly handled by the underlying tool.
  • [PROMPT_INJECTION]: The skill facilitates processing of various external data files, which presents an indirect prompt injection surface:
      • Ingestion points: The CLI ingests untrusted data from multiple file types including --product-file, --manifest, --csv, --orders-file, and --uploads-file as described in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters mentioned to prevent the agent from interpreting content within these files as instructions.
      • Capability inventory: The agent can execute system commands via the Bash tool and perform network operations or file writes through the CLI binary.
      • Sanitization: No sanitization or validation of the input file content is documented in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 09:34 PM