pp-redfin
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from NPM (
@mvanhorn/printing-press) and GitHub (github.com/mvanhorn/printing-press-library) usingnpxandgo installcommands. These sources are not in the verified safe list for this environment. - [REMOTE_CODE_EXECUTION]: The installation instructions for
redfin-pp-cliandredfin-pp-mcpinvolve fetching and executing binary code from remote repositories at runtime. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>argument that allows sending the results of any query (including property data and market trends) to an arbitrary external endpoint via HTTP POST. - [COMMAND_EXECUTION]: The skill facilitates the execution of the
redfin-pp-clibinary with user-provided arguments. It also allows writing data to arbitrary file paths on the local system using the--deliver file:<path>parameter, which could be used to overwrite sensitive configurations. - [PROMPT_INJECTION]: The skill processes untrusted data from Redfin's internal endpoints. While categorized as a lower risk, the combination of processing external data with the ability to write files and make network requests increases the surface for indirect prompt injection attacks.
Audit Metadata