pp-visit-detroit-blog

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the visit-detroit-blog-pp-cli binary. This is executed using npx to download the @mvanhorn/printing-press-library package from the npm registry or through go install to fetch the source from the author's GitHub repository (github.com/mvanhorn/printing-press-library).\n- [COMMAND_EXECUTION]: The agent is directed to use the visit-detroit-blog-pp-cli tool for all blog-related tasks. This includes syncing data to a local SQLite store, performing full-text searches, and resolving capabilities via a natural-language which command.\n- [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag that routes command output to an arbitrary remote URL. Additionally, a feedback mechanism exists that can transmit data to a remote endpoint if a specific environment variable (VISIT_DETROIT_BLOG_FEEDBACK_ENDPOINT) is defined by the user.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it retrieves and processes blog article content from an external source (synced from Algolia). \n
  • Ingestion points: Content enters the context through blogs get, search, and recent commands.\n
  • Boundary markers: None identified in the skill instructions.\n
  • Capability inventory: The skill has Read Bash tool access for executing CLI commands.\n
  • Sanitization: No explicit sanitization or filtering of the retrieved blog content is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:18 AM
Security Audit — agent-trust-hub — pp-visit-detroit-blog