pp-grubhub

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the grubhub-pp-cli binary from the author's GitHub repository and via an npm package.
  • [COMMAND_EXECUTION]: Executes the local grubhub-pp-cli binary to interact with the Grubhub API.
  • [DATA_EXFILTRATION]: Includes a feature to deliver command output to external webhooks via the --deliver flag and a feedback mechanism that can transmit data to remote endpoints if configured.
  • [PROMPT_INJECTION]: The skill processes external restaurant marketplace data which presents a surface for indirect prompt injection.
  • Ingestion points: Fetches restaurant names, descriptions, and menu items from Grubhub (SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for tool output processing.
  • Capability inventory: Accesses shell command execution through the Read Bash tool (SKILL.md).
  • Sanitization: Employs structured JSON output and filtering flags to limit the scope of processed data (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:01 PM
Security Audit — agent-trust-hub — pp-grubhub