pp-ticketmaster
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE DATA_EXFILTRATION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install its core binary from external sources. Specifically, it uses npx to install @mvanhorn/printing-press from NPM and go install to fetch ticketmaster-pp-cli from the github.com/mvanhorn/printing-press-library repository. These are identified as vendor-owned resources.
- [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag. This feature allows the output of any command to be transmitted to an arbitrary, user-defined URL via an HTTP POST request, which can be used to exfiltrate data processed by the skill.
- [DATA_EXFILTRATION]: The skill documents a feedback mechanism that can be configured to automatically transmit local data from ~/.ticketmaster-pp-cli/feedback.jsonl to a remote endpoint if the TICKETMASTER_FEEDBACK_ENDPOINT and TICKETMASTER_FEEDBACK_AUTO_SEND environment variables are set.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Ticketmaster Discovery API, creating a surface for indirect prompt injection. Malicious instructions embedded in event titles or descriptions could potentially influence the agent's behavior.
  - Ingestion points: Data is retrieved from the Ticketmaster Discovery API via the ticketmaster-pp-cli commands.
  - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions within the retrieved API data.
  - Capability inventory: The skill has access to the file system (via Read Bash and the --deliver file:<path> flag) and the network (via the --deliver webhook:<url> flag).
  - Sanitization: There is no evidence of sanitization or filtering of the external API content before it is processed by the agent.
Audit Metadata