pp-domain-goat
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `domain-goat` CLI via the command `npx -y @mvanhorn/printing-press install domain-goat --cli-only`. This involves downloading and executing code from the NPM registry under the vendor's namespace.
- [COMMAND_EXECUTION]: The skill uses the `Read Bash` tool to execute `domain-goat-pp-cli` commands for domain lookups, local SQLite synchronization, and list management.
- [DATA_EXFILTRATION]: The CLI supports a `--deliver webhook:<url>` flag that routes command output to an external URL. This documented feature could be used to transmit local domain shortlists, notes, or registry data to a remote server.
- [PROMPT_INJECTION]: The skill processes untrusted content from external domain sources such as RDAP and WHOIS records, creating a surface for indirect prompt injection.
  - Ingestion points: External domain metadata, registrar notes, and registry history ingested via the CLI tool (SKILL.md).
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to ignore instructions embedded in domain registry data.
  - Capability inventory: Command execution and file system interaction through the `Read Bash` tool.
  - Sanitization: Absent; there is no mention of filtering or validating content retrieved from external domain registries.
Audit Metadata