pp-sncf-connect

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the sncf-connect-pp-cli tool using npx -y @mvanhorn/printing-press. This package belongs to the vendor's namespace and is used for setup.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands, including npx for installation and the sncf-connect-pp-cli binary for data retrieval and management tasks.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature that allows routing command output to an external HTTP endpoint. While this is a documented feature of the tool, it represents a capability for data transfer to remote systems.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from the Navitia API (navitia.io).
    • Ingestion points: Data is ingested through API responses when calling sncf-connect-pp-cli commands (e.g., coverage get, places get).
    • Boundary markers: The skill uses the --agent flag which enforces JSON output (--json), providing structured data boundaries.
    • Capability inventory: Uses the Bash tool to execute the CLI and the Read tool to access local configuration files.
    • Sanitization: No explicit sanitization of the API response content is mentioned in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 28, 2026, 04:27 AM