Skills
skills/mvanhorn/printing-press-library/pp-steam-web/Gen Agent Trust Hub

pp-steam-web

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the steam-web-pp-cli and steam-web-pp-mcp tools from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and via NPM (@mvanhorn/printing-press).
  • [COMMAND_EXECUTION]: Executes the steam-web-pp-cli binary with arguments provided by the user to perform Steam API lookups.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the Steam Web API (such as game news, player profiles, and achievement descriptions). This data is interpolated into the agent's context, creating a surface for indirect prompt injection attacks.
  • Ingestion points: External data retrieved from Steam API via steam-web-pp-cli (SKILL.md).
  • Boundary markers: None identified; output is processed directly into the agent's context.
  • Capability inventory: The skill uses the Bash tool to execute system commands and the Read tool to access files (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of API responses is mentioned in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:01 AM