pp-tenderned
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
tenderned-pp-clitool usingnpx -y @mvanhorn/printing-press. This involves downloading and executing code from the npm registry belonging to the vendor. - [DATA_EXFILTRATION]: The CLI tool includes a
--deliver webhook:<url>flag that allows sending the results of any command to an arbitrary external URL. This represents a potential data exfiltration vector if controlled by a malicious prompt. - [DATA_EXFILTRATION]: The skill mentions a feedback mechanism that can be configured to send data to an external endpoint via the
TENDERNED_FEEDBACK_ENDPOINTenvironment variable. - [COMMAND_EXECUTION]: The skill facilitates the execution of the
tenderned-pp-clibinary through the shell, including operations that download zip archives and fetch document content from the internet. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes untrusted data from external Dutch tender notices and associated document files (PDF/Word).
- Ingestion points: The
docs grepcommand reads text from external documents, andnotices listfetches notice metadata. - Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following instructions embedded within the ingested tender data.
- Capability inventory: The agent has the ability to execute shell commands (
tenderned-pp-cli), download files to the local system, and send data to external webhooks. - Sanitization: No sanitization, filtering, or validation of the external document content is mentioned before processing.
Audit Metadata