pp-jimmy-johns
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using `npx -y @mvanhorn/printing-press install jimmy-johns --cli-only`. This fetches and executes code from the npm registry.
- [DATA_EXFILTRATION]: All commands support a `--deliver webhook:<url>` flag. This capability allows the agent to POST command results—which may include sensitive user data like delivery addresses, saved payment methods, and profile information—to any external URL.
- [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands via the `jimmy-johns-pp-cli` binary to interact with the Jimmy John's API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external sources (Jimmy John's menu and store APIs).
  - Ingestion points: Data enters the context from the Jimmy John's API through commands like `menu products` and `stores list` (SKILL.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are provided when processing API results.
  - Capability inventory: The skill can execute shell commands, write to local files, and perform network POST requests via the CLI's delivery flags (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the content returned from the external API before it is processed by the agent.
Audit Metadata