Skills
skills/mvanhorn/printing-press-library/pp-flight-goat/Gen Agent Trust Hub

pp-flight-goat

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> parameter that enables the agent to POST command results to any external URL. This feature represents a direct exfiltration vector if the agent is manipulated into processing and sending sensitive information.
  • [EXTERNAL_DOWNLOADS]: The skill instructions require installing binaries via go install from a third-party repository (github.com/mvanhorn) and npx for a package (@mvanhorn/printing-press), which executes code from external sources during the setup process.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes flight data from multiple external APIs.
  • Ingestion points: Data is retrieved from FlightAware AeroAPI, Google Flights, and Kayak.
  • Boundary markers: No explicit delimiters or warnings to ignore instructions within the API data are present in the skill.
  • Capability inventory: The skill can perform network operations (POST via webhooks), write to the file system, and execute shell commands.
  • Sanitization: No evidence of input/output sanitization or validation for external API content was found.
  • [COMMAND_EXECUTION]: The skill operates by driving a command-line interface (flight-goat-pp-cli), which is necessary for its functionality but expands the attack surface if the agent is tricked into injecting malicious arguments into the shell environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 13, 2026, 05:32 PM