pp-tenderned

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the tenderned-pp-cli tool using npx -y @mvanhorn/printing-press. This involves downloading and executing code from the npm registry belonging to the vendor.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> flag that allows sending the results of any command to an arbitrary external URL. This represents a potential data exfiltration vector if controlled by a malicious prompt.
  • [DATA_EXFILTRATION]: The skill mentions a feedback mechanism that can be configured to send data to an external endpoint via the TENDERNED_FEEDBACK_ENDPOINT environment variable.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the tenderned-pp-cli binary through the shell, including operations that download zip archives and fetch document content from the internet.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes untrusted data from external Dutch tender notices and associated document files (PDF/Word).
  • Ingestion points: The docs grep command reads text from external documents, and notices list fetches notice metadata.
  • Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following instructions embedded within the ingested tender data.
  • Capability inventory: The agent has the ability to execute shell commands (tenderned-pp-cli), download files to the local system, and send data to external webhooks.
  • Sanitization: No sanitization, filtering, or validation of the external document content is mentioned before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 05:28 PM
Security Audit — agent-trust-hub — pp-tenderned