pp-doordash
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the `doordash-pp-cli` binary from the vendor's official GitHub repository and NPM package. These downloads originate from the 'mvanhorn' developer organization.
- [DATA_EXFILTRATION]: The `doordash-pp-cli` tool features a `--deliver webhook:<url>` flag, which allows the command output to be sent to an arbitrary external URL. This capability could be used to exfiltrate session data or order information if the agent is instructed to use a malicious URL.
- [COMMAND_EXECUTION]: The skill executes the `doordash-pp-cli` binary via the shell, incorporating arguments derived from user input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the DoorDash API and incorporates it into the agent's context.
  - Ingestion points: `SKILL.md` (via `search`, `menu`, and `item-options` commands that fetch data from DoorDash endpoints).
  - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the API response.
  - Capability inventory: Subprocess execution of the `doordash-pp-cli` binary and network operations via the DoorDash API and webhooks.
  - Sanitization: Absent; the skill does not describe any filtering or escaping of the data fetched from the external API.
Audit Metadata