pp-visit-detroit-blog
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `visit-detroit-blog-pp-cli` binary. This is executed using `npx` to download the `@mvanhorn/printing-press-library` package from the npm registry or through `go install` to fetch the source from the author's GitHub repository (github.com/mvanhorn/printing-press-library).
- [COMMAND_EXECUTION]: The agent is directed to use the `visit-detroit-blog-pp-cli` tool for all blog-related tasks. This includes syncing data to a local SQLite store, performing full-text searches, and resolving capabilities via a natural-language `which` command.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag that routes command output to an arbitrary remote URL. Additionally, a feedback mechanism exists that can transmit data to a remote endpoint if a specific environment variable (`VISIT_DETROIT_BLOG_FEEDBACK_ENDPOINT`) is defined by the user.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it retrieves and processes blog article content from an external source (synced from Algolia).
 - Ingestion points: Content enters the context through `blogs get`, `search`, and `recent` commands.
 - Boundary markers: None identified in the skill instructions.
 - Capability inventory: The skill has `Read Bash` tool access for executing CLI commands.
 - Sanitization: No explicit sanitization or filtering of the retrieved blog content is documented.