pp-producthunt
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the `producthunt-pp-cli` tool and an MCP server from the author's own GitHub repository (github.com/mvanhorn/printing-press-library) and npm registry (@mvanhorn/printing-press). These are vendor-controlled resources used to provide the skill's core functionality.
- [COMMAND_EXECUTION]: The skill executes the `producthunt-pp-cli` binary using the `Read Bash` tool to retrieve and process Product Hunt data.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill retrieves untrusted data from the Product Hunt API, such as taglines, project descriptions, and user comments, using commands like `posts list` and `posts comments`.
  - Boundary markers: Absent. The instructions do not define explicit delimiters to isolate external content from the agent's instructions.
  - Capability inventory: The skill uses the `Read Bash` tool. The provided CLI tool also includes features to write output to local files (`--deliver file:<path>`) and transmit data to external URLs via webhooks (`--deliver webhook:<url>`).
  - Sanitization: Absent. There is no mention of sanitizing or filtering the retrieved content before it is processed by the agent.
Audit Metadata