pp-pvgis
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
pvgis-pp-clibinary usingnpxfrom the@mvanhorn/printing-press-librarypackage or viago installfrom the vendor's repository (github.com/mvanhorn/printing-press-library). These are vendor-owned resources. - [DATA_EXFILTRATION]: The CLI includes a
--deliver webhook:<url>flag that enables the agent to POST command results to an arbitrary external URL. This capability represents a significant data exfiltration surface if the agent processes sensitive location or site data. - [DATA_EXFILTRATION]: The
feedbackcommand is capable of sending local data to a remote endpoint if thePVGIS_FEEDBACK_ENDPOINTenvironment variable is configured, which could be abused to exfiltrate logs or configuration. - [COMMAND_EXECUTION]: The skill operates by executing the
pvgis-pp-clibinary with various arguments and flags. It specifically utilizes an--agentmode to facilitate non-interactive execution by the AI. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external data.
- Ingestion points: External CSV files are ingested via the
--inputflag in thesites rankandweather similarcommands, and natural language strings are passed to thewhichcommand for capability discovery. - Boundary markers: There are no identified markers or instructions to the agent to ignore potentially malicious content embedded within the CSV data.
- Capability inventory: The skill has access to network operations (via the PVGIS API and the webhook delivery feature) and file system writes (via the
file:<path>delivery sink). - Sanitization: No evidence of sanitization or strict schema validation for the input CSV data was found in the skill instructions.
Audit Metadata