pp-dominos

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The CLI tool includes an output delivery feature (--deliver webhook:<url>) that enables sending command results directly to an external server. This can be used to exfiltrate sensitive user data, including order history, physical addresses, and contact information.
  • [EXTERNAL_DOWNLOADS]: The skill setup requires downloading executable components from external sources, specifically an NPM package (@mvanhorn/printing-press) and a GitHub repository (github.com/mvanhorn/printing-press-library).
  • [REMOTE_CODE_EXECUTION]: The recommended installation methods (npx -y and go install) execute code fetched from remote package registries and version control systems during the skill's setup process.
  • [COMMAND_EXECUTION]: The skill's core functionality involves executing the dominos-pp-cli binary with various shell arguments, which allows it to perform network requests and access the local filesystem.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Untrusted data enters the agent context from Domino's API responses (SKILL.md). There is an absence of boundary markers or 'ignore' instructions for this data. The skill's capabilities include full subprocess execution via the CLI binary (SKILL.md). No specific sanitization or filtering of the external API content is documented before it is handled by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 03:17 AM
Security Audit — agent-trust-hub — pp-dominos