pp-movie-goat

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the movie-goat-pp-cli tool from the author's GitHub repository and NPM registry using go install and npx during the setup process.
  • [COMMAND_EXECUTION]: The skill requires the execution of the custom movie-goat-pp-cli binary via shell commands to interact with movie and person data.
  • [DATA_EXFILTRATION]: The tool includes a --deliver webhook:<url> flag that allows the agent to POST command results to an external URL. This creates a potential channel for data exfiltration if the agent is directed to process sensitive information or route data to an untrusted endpoint.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where external data is ingested and processed alongside agent instructions.
      • Ingestion points: Untrusted data enters the context through command arguments for movie titles, actor names, and natural language queries passed to the which command.
      • Boundary markers: The skill does not define explicit boundary markers or delimiters to isolate processed data from instructions.
      • Capability inventory: The skill can execute shell commands, write to the local file system using the --deliver file: flag, and send data to external URLs via the --deliver webhook: flag.
      • Sanitization: There is no mention of sanitization or validation of external input before it is utilized by the CLI tool.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 11:08 PM
Security Audit — agent-trust-hub — pp-movie-goat