pp-sec-edgar
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using `npx` from `@mvanhorn/printing-press` and `go install` from `github.com/mvanhorn/printing-press-library`. These are vendor-owned resources used for the skill's primary function.
- [DATA_EXFILTRATION]: The `sec-edgar-pp-cli` tool supports a `--deliver webhook:<url>` flag that allows the agent to POST command results to an external URL. Additionally, the tool includes a feedback mechanism that can POST data to a user-configured endpoint (`SEC_EDGAR_FEEDBACK_ENDPOINT`). These features create potential exfiltration paths for data processed by the tool.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `sec-edgar-pp-cli` binary. While necessary for the skill's functionality, it involves running a compiled binary on the local system.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources (SEC EDGAR filings and XBRL feeds) which could contain malicious instructions designed to influence the agent's behavior during processing. This is a form of indirect prompt injection.
  - Ingestion points: SEC Atom feeds (`watch`), company filings (`submissions`), and financial facts (`facts`).
  - Boundary markers: None identified in the prompt instructions to delimit untrusted data.
  - Capability inventory: File system writes (`--deliver file:<path>`), network requests (SEC APIs, webhooks), and bash execution (`Read Bash` tool).
  - Sanitization: No explicit sanitization or validation of the ingested SEC data is described in the skill.
Audit Metadata