pp-scrape-creators
Warn
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install executable code from external sources via npx and go install.
  - Evidence: npx -y @mvanhorn/printing-press install scrape-creators --cli-only (SKILL.md)
  - Evidence: go install github.com/mvanhorn/printing-press-library/library/developer-tools/scrape-creators/cmd/scrape-creators-pp-cli@latest (SKILL.md)
- [REMOTE_CODE_EXECUTION]: The installation process involves executing scripts and compiling binaries from remote repositories, which run with the user's local privileges.
- [DATA_EXFILTRATION]: The CLI tool contains a --deliver webhook:<url> feature that allows the agent to POST scraped data to an arbitrary external URL. This capability can be misused to exfiltrate sensitive data or scraped content to attacker-controlled infrastructure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from external social media platforms.
  - Ingestion points: The tool fetches video transcripts, creator biographies, post content, and advertisement metadata from TikTok, Instagram, Facebook, and YouTube (SKILL.md).
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following instructions embedded in the scraped content.
  - Capability inventory: The skill can execute shell commands through the scrape-creators-pp-cli binary, write to the file system, and perform network operations via the webhook sink.
  - Sanitization: Absent. There is no evidence of filtering or validation for instructions hidden within the scraped data strings.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands with user-provided arguments, increasing the risk of command injection if arguments are not properly handled by the agent.