pp-ufo

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the ufo-goat-pp-cli tool using npx from the @mvanhorn/printing-press package and go install from the github.com/mvanhorn/printing-press-library repository. These resources are associated with the designated author/vendor.
  • [DATA_EXFILTRATION]: The CLI tool provides a --deliver webhook:<url> capability, which allows the agent to POST command results (including file data and metadata) to arbitrary external network endpoints. Additionally, the sync command allows the use of a --manifest-url to fetch data from unverified sources.
  • [COMMAND_EXECUTION]: The skill requires the Read Bash tool to execute the ufo-goat-pp-cli binary and manage local state in a SQLite database. It includes functionality to write command output to arbitrary local file paths via the --deliver file:<path> flag.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
      • Ingestion points: Data enters the agent's context through files search, files list, and files get commands which retrieve external government records (titles, descriptions, and locations) from the PURSUE archive.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the command templates.
      • Capability inventory: The tool possesses the capability to write to the local filesystem (--deliver file:) and perform network egress (--deliver webhook:) as documented in SKILL.md.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the file archive before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 25, 2026, 11:38 PM