pp-movie-goat

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs CLI tools from the author's NPM package (@mvanhorn/printing-press) and GitHub repository (github.com/mvanhorn/printing-press-library). These sources are consistent with the provided vendor context.
  • [COMMAND_EXECUTION]: Executes the movie-goat-pp-cli binary to handle filmography research, ratings retrieval, and watchlist management.
  • [DATA_EXFILTRATION]: Provides a webhook delivery option via the --deliver flag, which can transmit command output to arbitrary remote URLs.
  • [PROMPT_INJECTION]: Passes user-supplied arguments directly into shell commands.
      • Ingestion points: User-provided command arguments handled in the Direct Use section of SKILL.md.
      • Boundary markers: None identified.
      • Capability inventory: Executes shell commands via movie-goat-pp-cli using the Read Bash tool.
      • Sanitization: No input validation or escaping logic is defined in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 05:02 PM