pp-redfin
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a CLI tool and an MCP server using
go installfrom a GitHub repository (github.com/mvanhorn/printing-press-library) andnpxfrom an NPM package (@mvanhorn/printing-press). These are documented as vendor resources associated with the skill author. - [DATA_EXFILTRATION]: The skill provides a
--deliver webhook:<url>flag, allowing the agent to POST command results to an external endpoint. While presented as a delivery feature, it constitutes a potential data exfiltration vector if used to transmit sensitive information extracted from the environment. - [PROMPT_INJECTION]: The skill processes untrusted data from the Redfin Stingray API, creating a surface for indirect prompt injection attacks.
- Ingestion points: Property listing details, search results, and market trends are fetched from Redfin's internal JSON endpoints (SKILL.md).
- Boundary markers: Absent. The skill does not define delimiters or instructions to treat the ingested data as untrusted content.
- Capability inventory: The skill has the ability to execute shell commands via the
redfin-pp-clibinary, perform network operations via webhooks, and write to the local file system (SKILL.md). - Sanitization: Absent. There is no evidence of validation or sanitization of the retrieved API content before it is processed by the agent.
Audit Metadata