pp-wavespeed
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the wavespeed-pp-cli binary from the vendor's GitHub repository (github.com/mvanhorn/printing-press-library) and NPM registry (@mvanhorn/printing-press-library) as described in SKILL.md.\n- [COMMAND_EXECUTION]: The skill relies on executing the wavespeed-pp-cli tool via the system shell to perform API operations and local library management.\n- [DATA_EXFILTRATION]: Contains a built-in --deliver webhook: functionality which allows the agent to POST command output to external URLs, creating a path for potential data exfiltration if directed to untrusted endpoints.\n- [PROMPT_INJECTION]: Susceptible to indirect prompt injection due to the processing of untrusted external data (such as briefs, CSV files, and JSON input) which is interpolated into CLI commands without sanitization or boundary markers.\n
- Ingestion points: Untrusted data enters the context via the plan brief-to-shotlist command (--prompt), the batch command (--from file), and the brand init command (--from-file) in SKILL.md.\n
- Boundary markers: The instructions do not define delimiters or ignore instructions for processed content.\n
- Capability inventory: The skill has capabilities to perform network requests (media-uploads, webhook delivery) and local file writes (file sink) using the wavespeed-pp-cli binary.\n
- Sanitization: There is no mention of validation, escaping, or filtering of the external content before it is processed.
Audit Metadata