pp-sec-edgar

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using npx from @mvanhorn/printing-press and go install from github.com/mvanhorn/printing-press-library. These are vendor-owned resources used for the skill's primary function.
  • [DATA_EXFILTRATION]: The sec-edgar-pp-cli tool supports a --deliver webhook:<url> flag that allows the agent to POST command results to an external URL. Additionally, the tool includes a feedback mechanism that can POST data to a user-configured endpoint (SEC_EDGAR_FEEDBACK_ENDPOINT). These features create potential exfiltration paths for data processed by the tool.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the sec-edgar-pp-cli binary. While necessary for the skill's functionality, it involves running a compiled binary on the local system.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources (SEC EDGAR filings and XBRL feeds) which could contain malicious instructions designed to influence the agent's behavior during processing. This is a form of indirect prompt injection.
      • Ingestion points: SEC Atom feeds (watch), company filings (submissions), and financial facts (facts).
      • Boundary markers: None identified in the prompt instructions to delimit untrusted data.
      • Capability inventory: File system writes (--deliver file:<path>), network requests (SEC APIs, webhooks), and bash execution (Read Bash tool).
      • Sanitization: No explicit sanitization or validation of the ingested SEC data is described in the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 28, 2026, 01:49 AM