pp-coffee-goat

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill includes explicit data-exfiltration capabilities (a --deliver webhook: sink and an env-controlled automatic feedback endpoint) that can send local/user data to arbitrary external URLs, which is a high-risk feature for abuse; no obvious hidden eval/remote-code backdoor or obfuscated payloads are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.72). The required runtime workflow for this skill invokes coffee-goat-pp-cli with --agent, and several commands (e.g., search, watch run, creator-review, transcript-search) rely on synced/upstream roaster and creator corpora that can include outsider-authored free text (product descriptions, transcripts/excerpts) which the CLI then returns as readable JSON fields into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite/install steps instruct running go install on GitHub modules (e.g. github.com/mvanhorn/printing-press-library/library/food-and-dining/coffee-goat/cmd/coffee-goat-pp-cli@latest and github.com/mvanhorn/printing-press-library/library/food-and-dining/coffee-goat/cmd/coffee-goat-pp-mcp@latest), which fetch remote code at install time that will be executed by the CLI and is required for the skill to operate.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 13, 2026, 07:21 PM
Issues
3
Security Audit — snyk — pp-coffee-goat