pp-trendhunter

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs executable code from external repositories maintained by the author using go install for the CLI and MCP components and npx for the installer package.
  • [COMMAND_EXECUTION]: The skill relies on executing the trendhunter-pp-cli tool through the system shell to perform core functions such as trend analysis, keyword clustering, and database management.
  • [DATA_EXFILTRATION]: The CLI tool contains a --deliver webhook:<url> feature that allows the transmission of scraped data and analysis results to external HTTP endpoints.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection:
  • Ingestion points: Processes untrusted content from TrendHunter.com RSS feeds, site maps, and trend page HTML (including JSON-LD FAQ data) in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore instructions within the scraped content are defined.
  • Capability inventory: Executes shell commands via the trendhunter-pp-cli binary in SKILL.md.
  • Sanitization: No mention of content sanitization or validation before the data is presented to or processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:39 AM
Security Audit — agent-trust-hub — pp-trendhunter