pp-surgegraph

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Flagged categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documents the --deliver webhook:<url> flag, which allows the agent to POST the output of any command to an arbitrary URL. This feature could be used to exfiltrate sensitive project data, document content, or organization settings to external endpoints.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the surgegraph-pp-cli using npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/.... These resources are hosted on well-known platforms and are owned by the vendor/author of the skill.
  • [CREDENTIALS_UNSAFE]: Commands such as get-openai-keys, get-gemini-keys, get-anthropic-keys, and get-api-key allow the agent to list and manage stored credentials. While the skill states that output is masked (last 4 characters visible), the ability for an agent to access and retrieve these configurations remains a potential risk factor.
  • [COMMAND_EXECUTION]: The skill executes the surgegraph-pp-cli binary with user-supplied and agent-generated arguments. It includes capabilities to interact with local files (via --deliver file:<path>) and local search caches.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from external answer engines and from SurgeGraph project data, which is then used in content-generation and publishing workflows.
    ◦ Ingestion points: get-ai-visibility-prompt-response, get-document, and search (SKILL.md).
    ◦ Boundary markers: Absent; the skill does not define delimiters that isolate external data from instructions.
    ◦ Capability inventory: publish-document-to-cms, update-document, and create-bulk-documents (SKILL.md).
    ◦ Sanitization: There is no evidence that ingested content is sanitized or validated before it is used in write-intensive operations.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 28, 2026, 03:27 PM
Security Audit — agent-trust-hub — pp-surgegraph