pp-goodreads
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `goodreads-pp-cli` tool using `npx` from the `@mvanhorn/printing-press-library` npm package or via `go install` from the `github.com/mvanhorn/printing-press-library` repository. These resources belong to the vendor infrastructure.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands to install and verify the CLI tool, and it serves as a driver for the `goodreads-pp-cli` binary to perform Goodreads operations.
- [DATA_EXFILTRATION]: The CLI includes an output delivery feature (`--deliver webhook:<url>`) that allows data to be POSTed to arbitrary external URLs. Additionally, the `feedback` command can optionally transmit local entries to a remote endpoint if the `GOODREADS_FEEDBACK_ENDPOINT` environment variable is set.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for extracting sensitive session cookies (`_session_id2`) and AWS AppSync JWTs from a browser session to authenticate requests. While these are necessary for interacting with private APIs, they involve handling raw credentials.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from Goodreads (e.g., reviews, home feeds, book descriptions).
- Ingestion points: the `feed list`, `book <slug>`, and `review get` commands in `SKILL.md`.
- Boundary markers: None specified in the instructions.
- Capability inventory: The skill can execute shell commands via the CLI and send data to external webhooks.
- Sanitization: No explicit sanitization or filtering of external content is described before the data is processed by the agent.