pp-redfin

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a CLI tool and an MCP server using go install from a GitHub repository (github.com/mvanhorn/printing-press-library) and npx from an NPM package (@mvanhorn/printing-press). These are documented as vendor resources associated with the skill author.
  • [DATA_EXFILTRATION]: The skill provides a --deliver webhook:<url> flag, allowing the agent to POST command results to an external endpoint. While presented as a delivery feature, it constitutes a potential data exfiltration vector if used to transmit sensitive information extracted from the environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Redfin Stingray API, creating a surface for indirect prompt injection attacks.
      • Ingestion points: Property listing details, search results, and market trends are fetched from Redfin's internal JSON endpoints (SKILL.md).
      • Boundary markers: Absent. The skill does not define delimiters or instructions to treat the ingested data as untrusted content.
      • Capability inventory: The skill has the ability to execute shell commands via the redfin-pp-cli binary, perform network operations via webhooks, and write to the local file system (SKILL.md).
      • Sanitization: Absent. There is no evidence of validation or sanitization of the retrieved API content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 03:20 AM