pp-dominos
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The CLI tool includes an output delivery feature (--deliver webhook:<url>) that enables sending command results directly to an external server. This can be used to exfiltrate sensitive user data, including order history, physical addresses, and contact information.
- [EXTERNAL_DOWNLOADS]: The skill setup requires downloading executable components from external sources, specifically an NPM package (@mvanhorn/printing-press) and a GitHub repository (github.com/mvanhorn/printing-press-library).
- [REMOTE_CODE_EXECUTION]: The recommended installation methods (npx -y and go install) execute code fetched from remote package registries and version control systems during the skill's setup process.
- [COMMAND_EXECUTION]: The skill's core functionality involves executing the dominos-pp-cli binary with various shell arguments, which allows it to perform network requests and access the local filesystem.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Untrusted data enters the agent context from Domino's API responses (SKILL.md). There is an absence of boundary markers or 'ignore' instructions for this data. The skill's capabilities include full subprocess execution via the CLI binary (SKILL.md). No specific sanitization or filtering of the external API content is documented before it is handled by the agent.
Audit Metadata