pp-ufo
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
ufo-goat-pp-clitool usingnpxfrom the@mvanhorn/printing-presspackage andgo installfrom thegithub.com/mvanhorn/printing-press-libraryrepository. These resources are associated with the designated author/vendor. - [DATA_EXFILTRATION]: The CLI tool provides a
--deliver webhook:<url>capability, which allows the agent to POST command results (including file data and metadata) to arbitrary external network endpoints. Additionally, thesynccommand allows the use of a--manifest-urlto fetch data from unverified sources. - [COMMAND_EXECUTION]: The skill requires the
Read Bashtool to execute theufo-goat-pp-clibinary and manage local state in a SQLite database. It includes functionality to write command output to arbitrary local file paths via the--deliver file:<path>flag. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
- Ingestion points: Data enters the agent's context through
files search,files list, andfiles getcommands which retrieve external government records (titles, descriptions, and locations) from the PURSUE archive. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the command templates.
- Capability inventory: The tool possesses the capability to write to the local filesystem (
--deliver file:) and perform network egress (--deliver webhook:) as documented inSKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the file archive before it is processed by the agent.
Audit Metadata