pp-render

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the render-pp-cli tool from the vendor's npm package (@mvanhorn/printing-press) or GitHub repository (github.com/mvanhorn/printing-press-library).
  • [COMMAND_EXECUTION]: The skill operates by running the render-pp-cli binary, which can perform actions such as deleting services, databases, and disks.
  • [DATA_EXFILTRATION]: The tool includes a --deliver flag to send output to webhooks and a feedback mechanism that can transmit data to a remote endpoint if configured.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
      1. Ingestion points: Reads external data including logs, environment variables, and blueprints (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Can delete services, databases, and disks, and modify environment configurations (SKILL.md).
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 07:52 AM