pp-xai

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the xai-pp-cli tool using npx from the @mvanhorn/printing-press-library package or via go install from github.com/mvanhorn/printing-press-library. These resources are provided by the skill vendor.
  • [COMMAND_EXECUTION]: Executes various shell commands using the xai-pp-cli binary to interact with xAI services, manage files, and perform health checks on API keys.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver flag that supports a webhook:<url> sink, allowing command output to be sent to external HTTP endpoints. It also includes an optional feedback mechanism that can transmit data to a remote server if XAI_FEEDBACK_ENDPOINT is configured.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from the xAI API and user-supplied arguments.
  • Ingestion points: User input via $ARGUMENTS and data retrieved from xAI API endpoints (SKILL.md).
  • Boundary markers: None specified for protecting against instructions embedded in external data.
  • Capability inventory: The skill has the ability to execute shell commands, perform network operations, and write to files using the CLI tool (SKILL.md).
  • Sanitization: No evidence of input validation or response sanitization is present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 09:04 PM
Security Audit — agent-trust-hub — pp-xai