pp-domain-goat

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the domain-goat CLI via the command npx -y @mvanhorn/printing-press install domain-goat --cli-only. This involves downloading and executing code from the NPM registry under the vendor's namespace.
  • [COMMAND_EXECUTION]: The skill uses the Read Bash tool to execute domain-goat-pp-cli commands for domain lookups, local SQLite synchronization, and list management.
  • [DATA_EXFILTRATION]: The CLI supports a --deliver webhook:<url> flag that routes command output to an external URL. This documented feature could be used to transmit local domain shortlists, notes, or registry data to a remote server.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external domain sources such as RDAP and WHOIS records, creating a surface for indirect prompt injection.
  • Ingestion points: External domain metadata, registrar notes, and registry history ingested via the CLI tool (SKILL.md).
  • Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to ignore instructions embedded in domain registry data.
  • Capability inventory: Command execution and file system interaction through the Read Bash tool.
  • Sanitization: Absent; there is no mention of filtering or validating content retrieved from external domain registries.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 11:27 PM
Security Audit — agent-trust-hub — pp-domain-goat