pippit-skill
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages a suite of local Python scripts to interact with the Pippit API and manage the local creative workflow. These include scripts for submitting creative tasks, polling for results, and executing publishing operations.
- [DATA_EXPOSURE]: The skill manages a sensitive API key (
PIPPIT_ACCESS_KEY). It implements secure storage practices by saving the key to a dedicated configuration file (~/.codex/pippit-skill/secrets.json) with restricted filesystem permissions (0o600) to prevent unauthorized access by other users on the system. - [EXTERNAL_DOWNLOADS]: The
scripts/nest/download_results.pyscript is designed to fetch generated media assets (images and videos) from the Pippit.ai platform to the user's local directory. This functionality is essential for the skill's primary purpose of creative asset generation. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes and displays content retrieved from the external Pippit API (via
get_thread.py). - Ingestion points: Data enters the context through API responses processed in
scripts/nest/get_thread.pyandscripts/nest/_common.py(specifically messages and interactions). - Boundary markers: The instructions do not define explicit boundary markers for the data returned from the API.
- Capability inventory: The skill has the capability to perform network requests (
urllib), write files (download_results.py), and access the filesystem. - Sanitization: Content is parsed as JSON but not specifically sanitized for LLM instructions before being presented to the agent. This is a low-risk finding inherent to the skill's integration role.
Audit Metadata