pp-grubhub
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the grubhub-pp-cli binary from the author's GitHub repository and via an npm package.
- [COMMAND_EXECUTION]: Executes the local grubhub-pp-cli binary to interact with the Grubhub API.
- [DATA_EXFILTRATION]: Includes a feature to deliver command output to external webhooks via the --deliver flag and a feedback mechanism that can transmit data to remote endpoints if configured.
- [PROMPT_INJECTION]: The skill processes external restaurant marketplace data, which presents a surface for indirect prompt injection.
  - Ingestion points: Fetches restaurant names, descriptions, and menu items from Grubhub (SKILL.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for tool output processing.
  - Capability inventory: Accesses shell command execution through the Read Bash tool (SKILL.md).
  - Sanitization: Employs structured JSON output and filtering flags to limit the scope of processed data (SKILL.md).
Audit Metadata