pp-jimmy-johns

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using npx -y @mvanhorn/printing-press install jimmy-johns --cli-only. This fetches and executes code from the npm registry.
  • [DATA_EXFILTRATION]: All commands support a --deliver webhook:<url> flag. This capability allows the agent to POST command results—which may include sensitive user data like delivery addresses, saved payment methods, and profile information—to any external URL.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands via the jimmy-johns-pp-cli binary to interact with the Jimmy John's API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external sources (Jimmy John's menu and store APIs).
      • Ingestion points: Data enters the context from the Jimmy John's API through commands like menu products and stores list (SKILL.md).
      • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided when processing API results.
      • Capability inventory: The skill can execute shell commands, write to local files, and perform network POST requests via the CLI's delivery flags (SKILL.md).
      • Sanitization: There is no evidence of sanitization or validation of the content returned from the external API before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 11:27 PM
Security Audit — agent-trust-hub — pp-jimmy-johns