pp-hotel-goat

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to download and install software from the vendor's repository using 'npx -y @mvanhorn/printing-press-library' and 'go install github.com/mvanhorn/printing-press-library'. While these resources belong to the vendor, they represent external code dependencies.
  • [REMOTE_CODE_EXECUTION]: The skill requires the execution of the 'hotel-goat-pp-cli' binary and uses the 'npx' tool during installation, both of which involve running code obtained from remote sources.
  • [DATA_EXFILTRATION]: The tool features a '--deliver webhook:' option that allows the agent to send output directly to an external HTTP endpoint. It also includes a feedback mechanism that can be configured to transmit local logs to a remote server via environment variables.
  • [PROMPT_INJECTION]: The skill ingests untrusted hotel data, such as reviews and property details, from Google Hotels and Trivago. This content is interpolated into the agent context without specified boundary markers or sanitization, creating an indirect prompt injection surface given the skill's network and file-writing capabilities.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 01:30 AM
Security Audit — agent-trust-hub — pp-hotel-goat