pp-producthunt

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the producthunt-pp-cli tool and an MCP server from the author's own GitHub repository (github.com/mvanhorn/printing-press-library) and npm registry (@mvanhorn/printing-press). These are vendor-controlled resources used to provide the skill's core functionality.
  • [COMMAND_EXECUTION]: The skill executes the producthunt-pp-cli binary using the Read Bash tool to retrieve and process Product Hunt data.
  • [PROMPT_INJECTION]:
      • Ingestion points: The skill retrieves untrusted data from the Product Hunt API, such as taglines, project descriptions, and user comments, using commands like posts list and posts comments.
      • Boundary markers: Absent. The instructions do not define explicit delimiters to isolate external content from the agent's instructions.
      • Capability inventory: The skill uses the Read Bash tool. The provided CLI tool also includes features to write output to local files (--deliver file:<path>) and transmit data to external URLs via webhooks (--deliver webhook:<url>).
      • Sanitization: Absent. There is no mention of sanitizing or filtering the retrieved content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 04:21 AM