pp-doordash

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the doordash-pp-cli binary from the vendor's official GitHub repository and NPM package. These downloads originate from the 'mvanhorn' developer organization.
  • [DATA_EXFILTRATION]: The doordash-pp-cli tool features a --deliver webhook:<url> flag, which allows the command output to be sent to an arbitrary external URL. This capability could be used to exfiltrate session data or order information if the agent is instructed to use a malicious URL.
  • [COMMAND_EXECUTION]: The skill executes the doordash-pp-cli binary via the shell, incorporating arguments derived from user input.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the DoorDash API and incorporates it into the agent's context.
  • Ingestion points: SKILL.md (via search, menu, and item-options commands that fetch data from DoorDash endpoints).
  • Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the API response.
  • Capability inventory: Subprocess execution of the doordash-pp-cli binary and network operations via the DoorDash API and webhooks.
  • Sanitization: Absent; the skill does not describe any filtering or escaping of the data fetched from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 02:39 PM
Security Audit — agent-trust-hub — pp-doordash