pp-goodreads

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the goodreads-pp-cli tool using npx from the @mvanhorn/printing-press-library npm package or via go install from the github.com/mvanhorn/printing-press-library repository. These resources belong to the vendor infrastructure.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands to install and verify the CLI tool, and it serves as a driver for the goodreads-pp-cli binary to perform Goodreads operations.
  • [DATA_EXFILTRATION]: The CLI includes an output delivery feature (--deliver webhook:<url>) that allows data to be POSTed to arbitrary external URLs. Additionally, the feedback command can optionally transmit local entries to a remote endpoint if the GOODREADS_FEEDBACK_ENDPOINT environment variable is set.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for extracting sensitive session cookies (_session_id2) and AWS AppSync JWTs from a browser session to authenticate requests. While these are necessary for interacting with private APIs, they involve handling raw credentials.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from Goodreads (e.g., reviews, home feeds, book descriptions).
  • Ingestion points: feed list, book <slug>, and review get commands in SKILL.md.
  • Boundary markers: None specified in the instructions.
  • Capability inventory: The skill can execute shell commands via the CLI and send data to external webhooks.
  • Sanitization: No explicit sanitization or filtering of external content is described before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 12:52 AM
Security Audit — agent-trust-hub — pp-goodreads