pp-render
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool using
npx -y @mvanhorn/printing-pressandgo install github.com/mvanhorn/printing-press-library/.... These sources are associated with the vendor context provided for this skill. - [COMMAND_EXECUTION]: The skill's primary operation involves executing the
render-pp-clibinary through shell commands to perform analytics and management tasks on Render services. - [DATA_EXFILTRATION]: The skill documents a
--deliver webhook:<url>feature that allows the output of any command to be POSTed to a remote URL. This capability can be used to send sensitive infrastructure metadata, audit logs, and service configurations to external endpoints. Additionally, thefeedbackcommand can transmit data to a configurableRENDER_FEEDBACK_ENDPOINT. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill retrieves and processes external data from the Render API, including logs (
render-pp-cli logs), audit entries (render-pp-cli audit search), and service events. - Boundary markers: The skill encourages the use of the
--agentflag, which outputs data in structured JSON format, providing some structural separation between data and instructions. - Capability inventory: The skill has shell execution capabilities via the
render-pp-cliand can perform network operations via the webhook delivery mechanism. - Sanitization: There is no explicit documentation of sanitization or filtering of the content retrieved from the Render API before it is presented to the agent's context.
Audit Metadata