pp-printify
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
printify-pp-clitool usingnpxfrom@mvanhorn/printing-press-libraryandgo installfromgithub.com/mvanhorn/printing-press-library. These are legitimate resources provided by the skill author. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>flag, which allows command output (potentially containing shop and product details) to be sent to a remote HTTP endpoint. It also includes afeedbackcommand that can transmit data to a configuredPRINTIFY_FEEDBACK_ENDPOINT. - [COMMAND_EXECUTION]: The skill operates by invoking the
printify-pp-clibinary. User-supplied input from$ARGUMENTSis passed directly to the CLI commands, which can lead to command injection if not properly handled by the underlying tool. - [PROMPT_INJECTION]: The skill facilitates processing of various external data files which presents an indirect prompt injection surface:
- Ingestion points: The CLI ingests untrusted data from multiple file types including
--product-file,--manifest,--csv,--orders-file, and--uploads-fileas described inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters mentioned to prevent the agent from interpreting content within these files as instructions.
- Capability inventory: The agent can execute system commands via the
Bashtool and perform network operations or file writes through the CLI binary. - Sanitization: No sanitization or validation of the input file content is documented in the skill instructions.
Audit Metadata