pp-trustpilot
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process utilizes `npx` to download and execute the `@mvanhorn/printing-press` package from the NPM registry. This package is owned by the skill's author.
- [COMMAND_EXECUTION]: The skill operates by invoking the `trustpilot-pp-cli` binary to perform search, analysis, and data retrieval tasks related to Trustpilot reviews.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` option and a `feedback` command, which enable sending tool outputs or user feedback to external HTTP endpoints. These are documented capabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external Trustpilot reviews.
  1. Ingestion points: `reviews` and `search-reviews` commands in `SKILL.md`.
  2. Boundary markers: No delimiters or warnings are used to wrap ingested content.
  3. Capability inventory: Execution of local CLI tool for data retrieval, analysis, and local SQLite storage.
  4. Sanitization: No sanitization of the review content is specified.
Audit Metadata