pp-xai
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the `xai-pp-cli` tool using `npx` from the `@mvanhorn/printing-press-library` package or via `go install` from `github.com/mvanhorn/printing-press-library`. These resources are provided by the skill vendor.
- [COMMAND_EXECUTION]: Executes various shell commands using the `xai-pp-cli` binary to interact with xAI services, manage files, and perform health checks on API keys.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver` flag that supports a `webhook:<url>` sink, allowing command output to be sent to external HTTP endpoints. It also includes an optional feedback mechanism that can transmit data to a remote server if `XAI_FEEDBACK_ENDPOINT` is configured.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from the xAI API and user-supplied arguments.
  - Ingestion points: User input via `$ARGUMENTS` and data retrieved from xAI API endpoints (SKILL.md).
  - Boundary markers: None specified for protecting against instructions embedded in external data.
  - Capability inventory: The skill has the ability to execute shell commands, perform network operations, and write to files using the CLI tool (SKILL.md).
  - Sanitization: No evidence of input validation or response sanitization is present in the skill instructions.
Audit Metadata